By Mr. Raj Sivaraju, President of APAC, Arete
Over the last few years, the development and growth of the banking and finance sector have been consequential, but sadly so has been the number of cyberattacks and threats against them. Cash transactions have become a thing of the past, and banking as we know it has shifted majorly online.
According to a 2020 study conducted by German database company Statista of 5000+ homes across 25 states in India, 50% of the respondents claimed to send and receive money digitally. Additionally, 31% of respondents said they have a smartphone banking application.
Naturally, this number escalated further during the pandemic, given that cashless transactions were deemed infinitely safer, more convenient, and more manageable. However, as this acceleration towards technological advancements emerged, so did the vulnerability.
While the banking industry is concerned with the shortage of reliable and talented technical professionals, regulators push to make payment platforms interoperable, giving cyber threats ample opportunities to spread their wings.
Vulnerabilities in The Banking Sector
Earlier this year, the Indian government informed parliament that cybercrime losses had risen to INR 63 crore in 2020-21. These crimes are attributed mainly to ATM/Debit Cards, Credit Cards, and Internet Banking frauds.
Additionally, given the increase in smartphone penetration and mobile banking facilities, there has been a significant uptick in cyberattacks on Android and iOS devices. In this context, malware and ransomware are being particularly highlighted.
According to industry experts, mobile banking Trojans are especially dangerous and can take away money from users’ accounts by masking malicious applications as legitimate platforms. These approaches lure unsuspecting users into the trap of installing malware and getting robbed in a seemingly innocuous manner.
Furthermore, such security breaches can compromise sensitive data information, leading to identity theft. Therefore, it has become imperative for banks to continuously update their security features and measures to ensure a safe and secure banking experience for users.
Latest Developments Around Cybersecurity
Losing money is traumatizing, especially for those who lose money because of certain cyber threat elements. However, with the latest developments in the cybersecurity era, these criminals can be kept at bay. While cutting-edge security arrangements such as firewalls, intrusion detection, prevention systems, and anti-malware are mandatory, banks can take some advanced steps.
In terms of net banking security, banks can integrate PIN security. In this approach, a PIN is generated randomly by the system and encrypted to facilitate authentication at par with global encryption standards. This PIN is usually not accessible to anyone, not even the system administrator, to ensure foolproof safety.
In addition, from the lens of cybersecurity, dual authentication has gained significant prominence. This process includes SMS OTP (One Time Password) and Debit Card/ATM PIN authentication. Also, the Reserve Bank of India (RBI) has given direct instructions providing customers with zero liability if they inform the bank about fraudulent activity within three days.
To assist customers in this regard, banks should take help from technology to build transparency through instant-alert services to notify customers via SMS or email alerts about deposits, withdrawals, and third-party transfer transactions. Furthermore, banks can embed security features such as 128-bit encryption on a web page so that active threat elements cannot intercept confidential and sensitive communication.
Security: Not A Cost, But A Plus
Banks today are dealing with dual-blade swords. On the one hand, they have the challenge of securing customers’ information and financial assets. On the other, they must provide futuristic banking services to sustain the competitive landscape.
This is the century’s battle, which demands rigorous planning, resources, and expertise. However, banks can win this war by collaborating with like-minded cyber risk management experts. However, they have to consider security as an additional feature and not just an expensive expenditure.
There’s a popular quote doing rounds in the social media universe, “it takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it“. While this quote might seem slightly on the dramatic end, it has a certain ring of truth. Therefore, it is a must for financial institutions, especially banks, to pay special heed to the latest cybersecurity advancements while simultaneously taking action to educate their customers.
