Report: Online Banking Security

The portal Obserwatorium.biz, in cooperation with the supplier of the identity protection product mySafety and the portal Cashless.pl, has prepared a report covering the most important issues associated with electronic banking from the perspective of banks, customers and cyber-criminals. More precisely, it analysed the top 10 banking institutions in Poland: BZWBK, Millennium, Raiffeisen Polbank, BNP Paribas, Pekao S.A., mBank/Orange, T-Mobile/Alior, Getin, ING, PKO BP.


The report contains information about attacks on banking, security methods on the banks' side, authorization and authentication methods for mobile banking customers, and an analysis of the most popular threats designed to steal funds. In addition, the authors of the report, representatives of banks and payment institutions, and independent experts answer the following questions:

  • How will attacks on financial institutions evolve?
  • Will a single transaction authorization tool emerge for Internet and mobile banking?
  • How should financial institutions build internal systems of protection and security?
  • What is the role of the "weakest link" in this process, that is, the human, and how much can education do?

Important points of the report

1. The main challenges for the security of electronic banking in Poland


In 2014, significant growth was reported in new threats attacking customers of different banks. In contrast to the security of bank branches, electronic banking faces a rapidly growing number of new threats.


The popularity of online banking (approximately 13 million active customers) and the migration of transactions to electronic channels, exceeding 90% in some institutions, mean that trust in this channel is also critical from a business point of view.


The growing presence in the financial sector's electronic environment of non-bank service providers (such as payment institutions, loan companies and Internet bureaux de change) means that the scope and nature of the risks is increasing: smaller operators have fewer resources for developing the necessary infrastructure, processes, analysis and verification of transaction security, and are not explicitly subject to the related regulations.


Hackers look for the weakest links in the process of activating or unlocking electronic services in order to take over an identity, and use substitution or social engineering attacks on the transfer authorization process, replacing account numbers. Along the way they take advantage of capabilities such as modifying the maximum limit and drawing on a cash loan or the credit limit on the account, which reflects an earlier reconnaissance of the bank's e-banking system.



2. How are tools for authentication and transaction authorization in banking, and customer education, developing?


Many electronic service activation or authorization processes in Polish banks still carry great risk. The implementation of mobile banking forced the introduction of alternatives to SMS codes, currently the most popular authorization method in Internet banking. Using the codes and the mobile application on the same device significantly reduces convenience and carries a risk of the code being taken over.


Identity theft and theft of funds from bank accounts is becoming a major problem, not only for business but also for society, one that features in the media and carries the risk of damaging confidence in the country's financial sector.


Along with the popularization of mobile banking, demand is growing for an authorization method that provides a level of security comparable to SMS codes for Internet banking. To meet it, it is necessary to use a secure channel other than the mobile application or to make use of the undeniable qualities of your banking.



3. What are the main challenges associated with attacks on financial institutions, and how can you protect yourself against them?


Attacks on mobile and Internet banking and its customers are becoming more complex and tailored to the specific nature of each institution, so existing, standard methods of response are not sufficient. Defense requires increasingly sophisticated methods, mainly covering the points of contact of customers and employees with the environment.


The undeniable direction is automating the collection, analysis and integration of data on suspicious transactions and customers from various sources. On this basis it is possible to recognize patterns and take preventive measures to reduce financial loss for the organization and its customers.


Exchange of information on incidents, and cooperation on preventive measures, education and the identification of individual cases, carried out between the different players on the market (commercial, administrative and law enforcement bodies), is the only way to achieve the desired effects in the never-ending fight against cybercrime. In matters related to security, competition should not play the main role. State regulators are already, rightly, beginning to impose some requirements of this type on operators in this market.



4. What will be the future of online banking security?


In the authentication and authorization of transactions, we anticipate the development of neuro-related models, which will be systematically standardized, for example by FIDO (Fast Identity Online) models.


The search for an optimal and universal authorization method for mobile and Internet banking may also go in the direction of developing other "second factor" tools. Work on standardisation is being carried out within the framework of the so-called U2F/UAF (Universal Second Factor/Universal Authentication Framework) and may lead to the use of hardware, for example a "mix" of a classical token with a "wearable"-type device.


As for internal solutions, financial institutions must develop processes and systems that can respond very flexibly to emerging threats, such as SIEM (Security Information and Event Management), SOC (Security Operations Center), anti-fraud "scanners" of traffic and transactions in online banking, and inter-organizational data exchange systems.


A key area is the education of customers, IT vendors, State institutions, universities and business, and not just in the form of one-off campaigns or fixed "rules", but as an ongoing "conveyor belt" of communication and feedback about existing threats. The security of the country's electronic financial sector, also given the increasing weight and popularity of e-Government, will more and more take on a State dimension, not just that of the interests of one commercial sector of the economy.



The full report


