Digital banking moves traditional financial transactions and banking activities online. It offers consumers many key advantages, including faster processing of transactions and easy access to account services, bill pay, loan applications, and account management, all on a digital platform.
In his article “How to be a truly digital bank” published in the Journal of Digital Banking, Rajashekara Maiya, the Associate Vice President of Infosys, says that for a bank to be truly digital, it must rise to its customers’ “basic expectations of convenience, speed, and personalization.”
Many banks have met this challenge, but not without setbacks. Account takeovers, electronic fraud, and security breaches plague this industry, creating real risks to banks and consumers alike. We discuss the biggest threats to banks and customers in the realm of digital banking, as well as how to protect yourself from these threats.
Biggest Threats to a Bank’s Cybersecurity
The biggest threats to a bank’s cybersecurity today are:
1. Unencrypted Data
Any financial information that is stored on bank computers should be encrypted. Encryption can be an important first line of defense if hackers do obtain the data. Without this protection, hackers can immediately use the stolen data to cause havoc to a bank and its customers.
2. Third-party Applications
Third parties will continue to be targeted because they create an extra entry point to banks. Banks use third-party services to try to better serve their customers, but if these third-party vendors lack effective cybersecurity measures, banks may unwittingly expose their customers to security breaches.
3. Manipulated Data
There is a common misconception that hackers only target banks and financial institutions to steal data. However, sometimes these criminals merely manipulate the data, which may be much more difficult to detect because the transactions appear authentic. Because of the difficulty inherent in detecting this type of fraud, the crime may continue for a longer period of time, causing more harm as time elapses.
4. Omissions and Errors
Some cybersecurity problems occur because of a mistake by a bank or one of its employees. A banker may apply information to one account owner that belongs to another. A bank employee may accidentally leave a browser open, exposing confidential banking information.
5. Staff Integrity
Staff who will work with customers’ financial data must be carefully vetted because they are often in a position of trust and authority. They may be able to imperceptibly manipulate data or syphon funds without being immediately detected, so banks must be careful in who they place in these positions.
One of the key security issues in digital banking is managing privileged access to sensitive information and systems. Implementing effective privileged access management (PAM) solutions can help financial institutions mitigate risks and ensure secure access to critical resources.
Top Security Vulnerabilities of Electronic Banking
Consumers face their own fair share of cybersecurity vulnerabilities when using electronic banking, such as:
1. Using Unsecured Wi-Fi Connections
With traditional forms of banking, customers could carefully handle their cash and then hand it to a cashier to place in their account. Today, however, many of these transactions occur online. This is more convenient, but it also subjects the consumer to security risks. If the consumer uses an unsecured Wi-Fi connection, other people may be able to see the transaction and gain access to the account.
2. Identity Theft and Phishing Threats
David Lukic, a cybersecurity and identity theft expert at ID Strong, reports that criminals have been exceptionally busy during the COVID-19 crisis and the number of cyber incidents has risen dramatically since the beginning of the crisis. This means that banks and consumers alike must be particularly diligent with their cybersecurity.
In “Developing a measure of information seeking about phishing” published in the Journal of Cybersecurity, researchers explain:
Phishing e-mails are fraudulent e-mails used to gain access to sensitive information or secure computer systems. They persuade users to click on malicious links, download attachments, or provide sensitive information, such as usernames or passwords.
Once a consumer takes this action, the thief has sensitive information that can be used to commit identity theft or manipulate the customer’s account.
3. Malware
Malware is one of the most common cybersecurity threats to banks and consumers alike. Devices are infected, and criminals are able to access user data and steal it.
4. DDoS Attacks
A distributed denial-of-service (DDoS) attack slows down websites and makes them unavailable to users. Approximately 14 percent of cloud attacks are DDoS attacks. A VeriSign study on DDoS threats surveyed 400 companies in the United States and Europe and found that 74 percent of them had experienced at least one DDoS attack and 31 percent had experienced service disruption.
5. Corporate Account Takeover
Account takeovers have single-handedly led to the loss of billions of dollars. These attacks target active user accounts and assess them for security vulnerabilities. This can cause customers to be locked out of their own accounts, stopped from using their banking services, and defrauded by unauthorized transactions. Ultimately, these accounts may be sold on the dark web.
6. Skimming
Skimming occurs when a criminal attaches a device to an ATM or other point-of-sale system and extracts the information from cards that are inserted into the device. The prevalent use of EMV cards has lessened the usefulness of skimming for criminals, but it has not completely eliminated its occurrence.
7. Spoofing
Spoofing occurs when a hacker impersonates a bank’s website with a site that looks nearly identical and functions similarly. Once a user enters his or her login information, the system steals it for criminals to use later.
How to Protect Yourself: from Banking Trojans to Social Engineering Scams
1. Prevent Account Opening Fraud
Account opening fraud involves someone else opening an account without your authorization. Due to the COVID-19 pandemic, this is even more common and easier because many people are opening accounts online since many banks are closed to the public.
When you do not authorize the account opening, it may be difficult for you to detect this type of fraud until your credit starts being affected by it. One solid way to prevent this type of fraud is to enroll in credit monitoring so that you are notified immediately if a new account is opened with your personal information.
2. Access Your Accounts from a Secure Website
Whenever you log onto your digital accounts, be sure you are doing so from a secure connection. Otherwise, other people may be able to access your confidential information.
3. Ensure You are on the Correct Website and that it is Secured
Make sure that the address of the website you are on is spelled exactly the same as your bank’s real address. Some thieves create websites that mimic others and are spelled just slightly differently. Additionally, look for the “s” after “http” in the URL, which shows that the connection to the site is encrypted.
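The spelling and HTTPS checks from this tip, written out as an added example (not part of the original article). The hostnames use the reserved `.example` and `.test` names and are constructed; the allow-list `KNOWN_HOSTS` and the edit-distance threshold are assumptions.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the exact hostnames of the bank you use (assumption).
KNOWN_HOSTS = {"www.bank.example", "online.bank.example"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_bank_url(url, known_hosts=KNOWN_HOSTS, max_distance=2):
    """Classify a URL as ok, insecure, lookalike, unknown or invalid."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()  # drops any "user@" prefix and port
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    if host in known_hosts:
        # Exact spelling matches: now require the "s" after "http".
        return "ok" if parts.scheme == "https" else "insecure"
    # Punycode labels can render as characters that imitate Latin letters.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "lookalike"
    for known in known_hosts:
        # Real name used as a prefix of another domain, or a near-miss spelling.
        if host.startswith(known + ".") or edit_distance(host, known) <= max_distance:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    for sample in ("https://www.bank.example/login",
                   "http://www.bank.example/login",
                   "https://www.bamk.example/login",
                   "https://www.bank.example.verify-login.test/"):
        print(sample, "->", check_bank_url(sample))
```

An `ok` result only means the hostname matches the allow-list and the connection is encrypted; a misspelled site can also be served over HTTPS, which is why the spelling check comes first.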
4. Use Two-factor Authentication
Two-factor authentication requires a user to provide two separate login credentials, which makes it more secure. For example, you may need to input a password and use your fingerprint.
5. Avoid Clicking on Suspicious Links
Avoid clicking on any links that appear suspicious in any way.
6. Use Unique Usernames and Passwords
Strong passwords are the first layer of defense.
7. Don’t Enable Automatic Logins from Your Browser
While it may be convenient, saving your passwords on your browser or allowing automatic logins can be an easy way for criminals to access your accounts.
8. Stop Remote Access and Malware Attacks
Avoid allowing remote access on your devices, which can be used to take over your device and install malware.
9. Monitor Open APIs
Monitoring your application programming interfaces can help you detect potential problems. Consider using proxy servers for extra security. Proxies can be acquired from dedicated marketplaces like ProxyStore.
10. Monitor Your Accounts
Many consumers are able to detect problems with their accounts through diligent monitoring of them.
11. Sign up for Email and Text Alerts
Make your financial accounts more secure by setting up emails and text alerts when a transaction is processed or attempted.
12. Turn off Bluetooth Functionality
One way scammers infiltrate accounts is finding any weakness or opening in a target’s account. Bluetooth provides an access point that can easily be eliminated by turning off Bluetooth functionality.
13. Follow Basic Smartphone Safety and Security Practices
Many people today use their phones for processes well beyond making a phone call. They may store their financial information on their phone to complete fast and contactless transactions. However, mobile phones tend to be less secure than hardwired technology. Additionally, banking apps may contain high-risk security flaws that may make them more susceptible to attack. Consumers can minimize risk by keeping their phones updated, installing antivirus software on them, and increasing their cybersecurity practices.
14. Protect Your Mobile Device with a PIN or Fingerprint ID
Add an extra layer of security by adding a PIN or fingerprint ID to your phone.
15. Keep Your Computer or Device up to Date
Updates often include security patches that can make your device more secure.
16. Use Antivirus and Antimalware Software on all Devices
Install antivirus and antimalware software on your laptop, tablet, cell phone, and any other device.
17. Detect Social Engineering Scams
Social engineering scams exploit human behaviors in order to access company servers. For example, a scammer may manipulate an employee into sharing their login credentials, which are in turn used to compromise the network. A scammer may send a phishing email to an employee to try to get this information. This source lists common signs across a variety of email phishing scams.
Digital banking offers more convenience to customers, but you must be careful to make your transactions secure.
Author Bio: Ben Hartwig is a web operations director at InfoTracer. He guides on marketing and entire cybersecurity posture and enjoys sharing the best practices. You can contact the author via LinkedIn.
Maiya, Rajashekara, 2017, “How to be a truly digital bank,” Journal of Digital Banking, Volume 1, Number 4
Williams, Emma and Joinson, Adam, 2020, “Developing a measure of information seeking about phishing,” Journal of Cybersecurity, Volume 6, Issue 1
Deshmukh, Rashmi and Devadkar, Kailas, 2015, “Understanding DDoS Attack & Its Effect in Cloud Environment,” Procedia Computer Science, Volume 49, 202-210