As e-commerce and online banking become more commonplace, the importance of cybersecurity cannot be overstated. Hacking incidents continue to garner publicity and press, and many people have either been victims themselves or know someone who has been exploited by identity theft or some other form of online fraud. This places the onus on financial services firms to spend significant efforts ensuring their online bank security systems are state of the art.
A closer look at the threats to online banking
The types of cyberthreats to Internet banking and e-commerce companies are wide-ranging and constantly evolving. Firms that provide online banking security consistently play a game of catch-up with hackers and other groups involved in nefarious cyberactivity. Notably in mid-March, three individuals were indicted on an array of charges, including wire fraud, access device fraud, and aggravated identity theft.
Many customers of the leading names in finance were targeted by these individuals’ alleged scheme. Citibank, E*Trade, JPMorgan Chase, Nordstrom Bank, PayPal, TD Ameritrade, and USAA were all victimized, as accounts were surreptitiously accessed, then funds were diverted to debit cards and bank accounts controlled by the alleged criminals. Identity theft was leveraged to file fraudulent tax returns to the IRS and help cash out the stolen funds.
Alan Brill, a senior managing director at risk advisory firm Kroll Solutions, told Bank Info Security that enhancing bank security with defensive measures plays an important role in preventing these kinds of crimes. He said he feels these security improvements need to be tailored to better handle the specific types of cyberfraud noted in this case. Financial service companies that are looking to enhance their mobile banking presence need to be acutely aware of the risks from individuals and groups making cyberthreats.
Newly developed malware is a continuing risk
The Trojan horse piece of malware known as Zeus strikes fear in the hearts of many IT personnel responsible for online bank security. Fresh attack techniques devised by hackers are making Zeus even more difficult to detect. The malware stays hidden inside banking systems as well as customers’ computers, allowing hackers easy access to valuable financial information and customer records.
These new hacking methods appear to be related to the same techniques used to infiltrate POS terminals and computer systems at some large retail establishments. The cybercrime against Target struck fear in many shoppers during the recent holiday season. Cybersecurity researchers continue to note the growing similarity between POS and computer hacking, possibly because criminals are sharing information on techniques.
Mobile device proliferation is another important factor in cybersecurity
With more consumers leveraging mobile devices and websites to conduct banking and other financial activity, bank security initiatives must take into account that customers want to access their accounts and perform transactions wherever they are. The cybercriminals in the case described earlier allegedly used hacked mobile devices as one of the methods to compromise online bank security and access customer’s financial accounts.
Microsoft’s move to discontinue support for Windows XP opens yet another pathway for hackers to gain access to customer passwords and vital financial data, especially considering that many consumers still use Microsoft’s older operating system to access bank websites.
Nonetheless, the customer is always right — so to speak — and if they want to conduct financial activity from a computer, smartphone, or tablet of their choice, it is up to the financial services company to ensure their bank security is capable of protecting them. As criminals and hackers share information, it is important that the people on the front line of the cybersecurity battle also share valuable data on protection techniques and malware detection. Additionally, working with a content delivery network (CDN) helps ensure websites and other online assets enjoy state-of-the-art protection.
The benefits of a CDN for bank security
Partnering with an industry-leading CDN is an important part of a bank’s arsenal against cybercrime. Token-based authentication using information secured by a MD5 hash ensures that only the proper users are able to access valuable banking systems. SSL certificates encrypt all data transmitted to and from a banking website, whether it is accessed from a computer or a mobile device.
Referrer blocking keeps out HTTP requests originating from anywhere other than the bank’s website and also lets IT personnel allow requests from other domains of their choosing. A robust reporting engine allows detailed tracking of any forensic data should a problem ever arise. Other useful features, such as access to the Internet’s most important peering points, mean that bank customers are able to access the website quickly and seamlessly, no matter their location.
Thoughtful and detailed bank security is a must for any financial services company. Keeping out hackers while allowing a wide range of functionality and convenient access remains the ultimate goal. Choosing a top-ranked CDN as a technology partner helps banks achieve these goals.
Photo credit: Wikimedia Commons