Last year there were hundreds of cyber fraud incidents that struck banks and put consumers’ personal data at risk, even though the one involving Target stole the scene. These crimes included payment card skimming, denial-of-service and web app tampering.
As we’ve discussed, security is a top concern for banks at the board level. The criminals are causing so many problems not because they are particularly bright, but because bank security just cannot keep up with the volume and type of attacks. Security can also be under-resourced and/or focusing too much of its attention in the wrong places.
A web app attack is interference with web applications (such as sending a phishing e-mail) that tricks the recipient into revealing their banking information. Another example is cracking passwords.
Web attacks are ubiquitous and can be conducted by mediocre-skilled crooks hunting for the user names and passwords of online banking customers. Banks are responding by beefing up verification processes for their customers rather than relying on just one-step authentication.
The denial-of-service attack is the second big threat to banks: malicious traffic is heaped upon the institution’s web server to disrupt site operation. A malfunctioning site turns off customers—including potential customers. But a DDoS attack can also be launched to divert attention away from another planned attack that actually steals data.
Payment card skimming hits banks hard. The crook puts a phony card reader over the card-swiping device to collect the card’s data off its magnetic stripe. The thief will then create phony ATM cards.
The skimming tool can be made at home with a 3D printer—and the cost of the printer can very quickly be recovered with fraudulent use of the phony cards. Skimmers are not traceable, putting a lot of load on bankers’ backs. The fact that some ATMs are remotely located doesn’t help.
There’s still room for the criminals to become savvier by joining forces, sharing ideas and getting organized. However, many still remain solitary, which enhances their ability to go undetected.
As renowned security expert Bruce Schneier recently said, “Security is now about resilience – it’s not about defense.” Banks must up their security awareness, and have a plan in place to respond quickly and thoroughly should there be a breach.
Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen.