Is there effective protection against cyber attacks on your online financial transactions?

Posted by admin on Mar 24th, 2010 and filed under News Analysis.

Mumbai, March 25, 2010
Ramakrishnan Ramani
News Information Source: www.cio.com | www.computerworld.com

In August last year, an organization representing 15,000 financial institutions issued a warning on the growing spate of cyber attacks, especially on corporate accounts and small banks. Over the months, there does not seem to be any dip. In fact, a recent article on a popular website brought this growing menace to the fore.

The article states that many businesses have filed lawsuits against their banks and have prompted government regulators to call on financial institutions to improve security systems. According to the US Federal Deposit Insurance Corporation, $120 million was lost from legitimate corporate accounts due to online banking fraud in the third quarter of 2009. Small businesses alone were hit to the tune of $25 million during the period. There are numerous recent cases that exemplify such threats.

Cyber thieves most certainly would have obtained authentic login credentials through dubious means. So is there a strong method to keep such malicious attacks at bay?

Avivah Litan, an analyst with Gartner, states in the article, “…there are plenty of effective fraud detection and authentication solutions that can and are thwarting these attacks when employed by the banks”.

According to Dr Sachar Paulus, “There are regions in the world where there are best practices in place, very much reducing the risk using technological solutions… every transaction is protected with an additional authentication step.”

“The use of Transaction Authentication Numbers is a secure form of authentication unless someone stores these numbers electronically. However, it may be cumbersome. Mobile TANs, which are six-digit random numbers that are sent via SMS just after entering the transfer data to a trusted mobile number that is configured in the account data, are highly secure, but again are cumbersome when considering the business case. Digital signature technology for digitally signing the transaction is a good form of authentication. This is often used with smart cards, but is also available in software-only modes. But these are less secure, of course.”
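The mobile TAN flow described in the quote above can be sketched on the server side as follows. This is an added example, not code from the article or from any bank or vendor it mentions. It assumes the TAN is bound to the exact transfer data, expires after five minutes and is consumed on the first attempt; the class, the `send_sms` callback and the sample account values are hypothetical.

```python
import hashlib
import hmac
import json
import secrets
import time

TAN_TTL_SECONDS = 300  # assumed validity window; the article gives none


class MobileTanIssuer:
    """Issues one six-digit TAN per pending transfer and verifies it once."""

    def __init__(self, send_sms, clock=time.time):
        self._send_sms = send_sms  # hypothetical SMS gateway callback
        self._clock = clock
        self._pending = {}  # transfer digest -> (tan, expiry)

    @staticmethod
    def _digest(account, payee, amount_cents):
        # Bind the TAN to the exact transfer data the user entered.
        data = json.dumps([account, payee, amount_cents]).encode()
        return hashlib.sha256(data).hexdigest()

    def request_tan(self, account, trusted_number, payee, amount_cents):
        tan = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, keeps leading zeros
        key = self._digest(account, payee, amount_cents)
        self._pending[key] = (tan, self._clock() + TAN_TTL_SECONDS)
        # Repeat payee and amount so the user can spot an altered transfer.
        text = f"TAN {tan} for {amount_cents / 100:.2f} to {payee}"
        self._send_sms(trusted_number, text)

    def confirm(self, account, payee, amount_cents, submitted_tan):
        key = self._digest(account, payee, amount_cents)
        entry = self._pending.pop(key, None)  # single use: gone after one try
        if entry is None:
            return False  # no TAN was issued for this exact transfer
        tan, expiry = entry
        if self._clock() > expiry:
            return False
        return hmac.compare_digest(tan.encode(), submitted_tan.encode())


def demo():
    outbox = []  # constructed stand-in for the SMS channel
    issuer = MobileTanIssuer(lambda number, text: outbox.append((number, text)))
    issuer.request_tan("ACC-1", "+10000000000", "Payee A", 12500)
    tan = outbox[0][1].split()[1]
    tampered = issuer.confirm("ACC-1", "Payee B", 12500, tan)  # payee changed
    genuine = issuer.confirm("ACC-1", "Payee A", 12500, tan)
    replayed = issuer.confirm("ACC-1", "Payee A", 12500, tan)  # TAN reused
    return tampered, genuine, replayed
```

Because the TAN is looked up by a digest of the transfer data, a TAN captured for one transfer does not authorize a transfer with a different payee or amount, and a used or expired TAN is rejected.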

Dr. Dr Bernhard M Hämmerli, Chair of Scientific and International Affairs (Information Security Society, Switzerland) states, “Counter measures to challenges can be manifold…, but it is possible with Identity Management and encryption to protect data on a higher level of security against the presented attacks; even so some residual attacks remain feasible for talented attackers.”

“A single sign-on solution can solve these problems by supporting both username/password-based and can be even tuned to accommodate multi-factor authentication, allowing businesses to optionally migrate to stronger authentication mechanisms.”

If there are such solutions, why are banks and other targeted institutions not pressing the panic button and procuring security solutions? The answer can probably be deciphered from Ms Litan’s statement, “The bad news is that many banks are not using these solutions and the bank regulators are not paying adequate attention to this.”

Dr Paulus states, “There are actually no laws that prescribe a concrete technical solution. As an example, there are banks in Germany that still accept e-mail or phone call directives for creating transactions on the behalf of the customer. In such cases, the risk is borne by the bank. This then is a part of their business model.”

So are you paying attention to the security requirements of your institution? Contact the experts. Contact SECUDE.

For more information on SECUDE and what they can offer you, please visit www.secude.com.
