Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Layered Security in Banks: The Physical and Digital Parallels

Alex Tay, Director, Identity and Data Protection, ASEAN region, Gemalto | July 1, 2016
To understand what kind of cyber-attacks banks are susceptible to, it’s necessary to look at the various parallels between the security approaches required in the physical bank, and those that need to be employed in the realm of digital banking.

The Physical Layers and Their Digital Equivalents

It's interesting to consider the security layers within the physical bank, and their equivalents in the digital world:

  • Where a guard may be hired to prohibit thefts at the bank branch, the digital equivalents are the controls that are put in place to establish the authenticity and integrity of user devices like smartphones, tablets, and laptops.
  • In the branch, a customer will need to sign a new account application. In online banking transactions, digital signing is employed.
  • In a branch, customers may need to provide a driver's license or some other form of ID to establish their identity. In the digital world, mobile banking customers may be required to go through a multi-factor authentication process before making a withdrawal.
  • In the physical bank, valuables are held in the vault. In the digital bank, encryption serves as the mechanism that safeguards the sensitive assets being held.
  • Over the years, banks have established increasingly rigorous policies for audits and other processes to validate that the necessary safeguards have been implemented. In the digital sphere, security professionals leverage sound fraud management to track transactions, analyse trends, and identify and prevent fraudulent activities.
  • Just as keys to vaults and other rooms have to be safeguarded at all times, so too must the cryptographic keys that the digital bank manages.

The key takeaway from all this is that no one tool or tactic will provide absolute, 100 percent fool-proof security. That was true in the physical bank and it is just as true in the digital bank where funds and information will never be safe from cyber espionage. While the concept of layered security isn't new, new security threats continue to follow and banks should never be complacent in the fight against physical and virtual criminals.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.