Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Web fraud: The bane of digital banking

Lim Chin Keng, Director of Security Solutions, APAC, F5 Networks | April 8, 2016
Lim Chin Keng of F5 Networks talks about cybercrime and how its affecting banks today.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

Most people sleep peacefully at night knowing their hard earned money is resting safely in banks. However, in recent years, things have changed. The finance industry has been revolutionised by digital technology, and this has made it more vulnerable to security threats. 

In Asia alone, digital banking consumers are expected to reach approximately 1.7 billion by 2020. The year-on-year growth of internet and mobile channels for various banking services averages 35 percent. While all of this translates into ultra-convenience for consumers, it has also opened up the playing field for cybercriminals to wreak havoc for banks.

What once started out as "Nigerian email scams" seemingly eons ago, has evolved to highly complex, targeted operations that rake in billions of illegally-gained dollars. Attacks now come in all forms, from web fraud, DDOS attacks and POS intrusions to crimeware, malware and cyber espionage. Adding to the complexity is the fact that there is no defined target spectrum for these cybercriminals. Organisations and individuals alike are in their crosshairs.  

Cybersecurity Issues Faced by Banks
One major issue faced by banks in Asia Pacific is the prevalence of malware specifically designed to target them and their customers. In the first 3 months of this year alone, new variants of financial trojans Tinbapore and Gootkit were found to be targetting banks and financial organisations in Asia. These developments point to the rapid evolution such threats undergo. For example, Gootkit prepares its attacks by using a video recording functionality before it launches actual attacks on the websites of financial institutions.

This means that cybercriminals now have the ability to study the internal processes of financial transactions within a bank and can easily look for gaps in approval processes with the new insights. This is an example of the creativity that cybercriminals today possess and the effort they are willing to put in to refine the process by which they approach their victims and conduct their criminal activities.

Another issue is banks in Asia Pacific generally adopt a reactionary approach to cybersecurity by investing in resources only after an attack, or simply abiding to regulations. Quite often, there are few to zero cybersecurity professionals on their payroll, and they rarely engage the services of specialist cybersecurity organisations. Additionally, in some countries, there are limited comprehensive cybersecurity policies and regulations within banks and financial organisations, and even policies sanctioned by the government are not robust enough to make up for this shortcoming.

The final issue faced by banks and financial organisations in Asia Pacific is having to protect themselves against cyberthreats across multiple banking channels. With the rapid digital transformation of banking services, it is growing increasingly arduous to keep an eye on all of these banking channels. Even if there are safeguards in place to protect these channels, cybercriminals have proven to be savvy enough to find and exploit loopholes in the digital infrastructure of these banking channels.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.