By David Smith, Smart Card Technical Consultant
As technology continues to cause rapid transformation across every sector in today’s world; the banking industry inclusive, the challenge of security is one subject that dominates conversations in E-banking spheres globally.
Electronic banking also known as online banking, involves a process where customers of a bank use the internet on internet enabled devices to carry out banking transactions on-the-go or at home.
It is also worth mentioning that not all electronic banking tranactions must be internet enabled. The option of using USSD (Unstructured Supplementary Service Data) or quick codes still abound. However, internet-enabled electronic banking transactions are far more prevalent.
This service is provided by the bank as a means of streamlining its services to customers, thus reducing banking hall population at any given time. Most E-banking systems come with a user-friendly interface that with proper guidance, even the least tech-savvy individuals can carry out transactions easily.
The process requires the customer to visit the bank’s website, key in his/her unique username and password, then a dashboard shows up where transactions can be done. If need be, sometimes, customers might be required to receive and enter an OTP (One Time Password) before accessing their account.
So far, the process, having lived up to expectations, has proven that technology is the ultimate recipe to drive rapid growth in the banking industry and the e-commerce industry in a broader context.
However, the system is burdened with a major challenge which is security. Security has been a primal concern with everything that pertains to being online, and the E-banking system is no exception.
If a malware fails to hit the system and disrupt the entire process, hackers would interfere and cause chaos in the system. These attacks could be a result of tiny security cracks on the website or on personal computers/gadgets. User carelessness is another contributing factor. Mobile banking transaction loopholes further increase the security vulnerabilities of E-banking.
In this article, we’ll be looking at 5 of these security vulnerabilities associated with electronic banking. By vulnerabilities, we are looking at loopholes or pores that leave the electronic banking system prone to attacks; attacks which can translate to the diversion of substantial funds into the account of cyber assailants.
5 Online Security Vulnerabilities of Electronic Banking
1. Using Unsecured Wi-Fi Connections
Most customers will revel in the idea of free Wi-Fi connections to surf the web on the same PCs or mobiles with which they carry out electronic banking transactions. While the idea might seem cost effective, it could actually cost the user more when trouble sets in.
Some of these Wi-Fi connections are unsecured and serve as the bait set by cyber criminals to gain access into the PCs or mobile systems of their targets. Using free Wi-Fi connections can lead to security and privacy breach, one which cyber assailants stealthily hijack.
2. Third Party Applications
This security challenge is more common in mobile banking. Usually, the banks instruct customers to download official apps from their website or recommend a trusted supplier to handle mobile application creation and control.
However, customers usually prefer to download these apps themselves from mobile app stores, and this is a potential security breach that cybercriminals tend to exploit, always.
Hackers could create an exact replica of the apps, stock them up with malware and put it out there for customers to download. These customers aren’t software or app developers, they can’t tell which is secure, so they download and run into problems.
The good news, however, for Android smartphone users, is that Google Play Store now scans every app you download to determine if it’s safe for use or not. It does not totally eradicate fraud scenarios, but it helps.
3. Phishing Attacks
Internet fraudsters use a process called phishing to obtain private information on their preys, one that comes in handy when they wish to commit cyber atrocities. The phishing process involves the distribution of email messages or links that look legitimate to recipients.
A click on such emails or links which might require you to part with private info is all that is needed to attack a victim’s finances. Since most customers usually can’t tell which email is from a trusted source or not; they are advised to apply discretion before clicking or open any link sent to them. If you do not feel sure about a link or email, it is best to chuck it in the spam folder of your email and contact your financial institution.
4. Slip-ups and Omissions
This is an internal security challenge. In the course of data capturing, errors can be made either intentionally or not, either from the data supplier or customer’s end that bypasses fraud/error detection systems. Wrongful supply of sensitive information used in creating a personal banking profile may leave loopholes for hackers to breach.
5. Staff Integrity
Although this scenario seldom occurs, it’s a possibility that shouldn’t be ruled out entirely. Internal staff who have access to the web database of the bank or the entire security framework could tamper with it and wreck the whole system.
They could also water down the network’s firewall, thus leaving it exposed to attackers. This unprofessional behavior could stem from grievances against the management and are carried out as a form of personal vendetta at the expense of the entire security of the financial institution and its clientele base.
Conclusion
The tremendous growth of mobile or electronic banking lends credence to the fact that its acceptance is rising exponentially. Managing secure transactions on these electronic platforms has however proved to be challenging for the banking industry.
Growing concerns about the safety of online transactions have continued to dominate electronic banking spheres. However, stringent security measures are being integrated into various online banking platforms to curb the pervasive cases of security breaches that lead to a colossal loss of data and valuable financial assets.
The message of paranoia and watchfulness should keep being reiterated to users as a means of limiting or stopping in its entirety, the attacks targeted at them.
About the Author
David Smith is a cryptographer with 12 years of experience in both the public and private sectors. his expertise includes: system design and implementation with contact and contactless smartcards, smartcard personalisation and mobile payments. Occasionally consults with smart card companies at websites like www.cardzgroup.com
