Massive amount of cash, large transaction volume and multiple access channels make banks top priority targets for cyber criminals. As financial institutions get better at defending, attackers get better at hacking. For instance in the first quarter of this year, more than 947,027,517 malicious attacks were identified by Kaspersky from online points in 203 countries. It detected PC-malware registered on 305,315 user computers aimed at stealing money via online bank accounts. In addition, it exposed 29,841 mobile banking trojans and malwares directed at purloining credentials and money from bank accounts. Furthermore, distributed denial of service attacks rose by 84% compared to Q4 of 2018.
Similarly, the recent fraud report by Cifas, analysed 323,660 fraud cases, and found that annual fraud figures in the UK is on the rise. Plastic card fraud went up by 41% and money mule accounts went up by 26% compared to the previous year.
How robust are banks’ security infrastructure in tackling cyber-attacks? The research by security analysts at Aite revealed that many financial services mobile apps have insecure data storage, inadequate authentication and code tampering.
Another key concern is insider attack. A recent INSIDER THREAT report stated that 90% of companies surveyed are susceptible to insider attacks. Malignant employees directly harming the company via theft or disruption costing firms more than $8.7 million.
Here are 8 top tech trends in banking enterprise security:
- Advanced Web Application Firewalls: The worrisome threat of Distributed Denial of Service attacks such as in the case of Bank of Span and HSBC require proactive measures. Although Web Application Firewalls are most effective against DDoS attacks, they are less effective against vulnerability and fraud detection but advanced web application firewalls are more effective when integrated with other security systems, as revealed by Ponemon institute survey.
- Biometric Security: Fingerprints, face recognition, hand geometry, handwriting, iris, retinal, voice and full palm vein body features have been useful in securing financial services. While facial recognition is found to be most secure and currently being used by Lloyds, Halifax, and Bank of Scotland as well as full Palm vein used by top Japanese banks; voice and iris scan features have been discovered to be less secure.
- AI in Anti-money Laundering: Reinventing the customer experience featured AI powered chatbots becoming common place in transforming customer banking experience. Additionally, AI can spot patterns in transactions to identify fraud or money-laundering and can reduce cost of AML compliance by $217 Billion. It is currently being used by banks like CitiBank and Barclays Africa.
- User and entity Behaviour Analytics: User and entity behaviour analytics technologies together with access control and intrusion systems analyse suspicious patterns to detect insider attacks and outsider infiltration from hackers on your enterprise and alert your security team when policies have been violated. Additionally, it helps to identify areas internal users require more security training.
- Two-factor Authentication: 70% of customers across 13 countries in Europe as well as Australia and USA have rated two-factor authentication, fingerprint recognition together with password as safest when compared to microchip implant and voice recognition systems, ING report states. Two-factor authentication provides additional layer of security which provides code cycles that hackers are not able to keep up, Like JETHRO’s jPrivacy.
- Mobile Payment Security: A recent finextra report suggested the need for your mobile payment apps development to be native as they would be more secure compared to web applications having passed through best practices stipulated by reputable app stores and accessible by your customers. Changing acceptable login credentials from customer identifiable data to encrypted fingerprint scan or credit card photo seems better since the data might be stored on the device, leaving your customers prone to susceptibility. Adding that your mobile banking app will be more secured if it uses certificate pinning in its communication channel. Encryption and tokenization can be used to ensure data loss prevention in the event of an attack. These technologies enable data to be secured during business processes.
- Banking System Upgrade: In today’s threat landscape, financial institutions using legacy systems will face immense disruption to services resulting in negative impact on customer experience. You might explore upgrading your core banking to a recent system. The new system, not only comes with enhanced features, but also ensures operational efficiency resulting in optimum return on investment.
- Real-Time Fraud Mitigation: Real-time fraud-mitigation solutions make use of machine learning, big data, risk modelling, and dynamic profiling and can detect fraud in digital banking, enterprise payment and internal fraud with less false-positives and losses, resulting in faster investigation time. Such solutions are compatible, flexible and adaptable with many platforms and banking systems.
In conclusion, prevention technologies are as important as detection and response systems. An ideal solution utilizes multiple layers of security and meaningful partnership that ensure results.
Two-factor authentication and biometric will provide adequate access control, as well as upgrading your banking system and adopting real-time fraud detection solution will ensure unnecessary disruptions to banking operations are avoided -and JETHRO is here to assist.