SPECIAL FOCUS Safer eBanking Part 2: The security landscape today AND tomorrow

In our first look at safer eBanking, we provided an overview of the threats that exist in today’s online world. Now, we will tackle the levels of security available today and what to expect in the coming years.

Today, most corporate eBanking applications offer secure environments for business customers. This is attributable to two factors - the first being the lack of regulatory protection for corporations or businesses. Without regulations in place, businesses have demanded stronger security from their banks, because if they experience fraud, the bank does NOT have to reimburse them. The second factor relates directly to the velocity and volume of funds. Criminals can get very large sums of money from corporate transactions very quickly from almost anywhere, further reinforcing security demands for corporate banking applications.

While security exists for most corporate banking applications, it can be improved. Security today is very basic and readily compromised. The “arms race” for robbing a bank still leaves the banks painfully behind. Instead of investing in stronger security, banks continue to try to leverage their existing short-term investments to improve security. Where they previously had a dynamic password at login, they now have it at the transaction execution. This year the FFIEC updated banking guidelines to include adoption of a multi-layered approach to combat highly sophisticated attacks resulting from high-profile security breaches – which was a major step in the right direction toward stronger banking protection.

When it comes to attacks, Automated Clearing House (ACH) is emerging as the leading attack vector. The complexity of the transactions (and volume) makes it impossible to adequately protect with the current counter-measures banks have in place. These types of wire transfers are still heavily attacked because of the speed of execution. However, when it comes to protection, it is easier for banks because of the one-to-one transactions and ease to verify the intent with the customer.

On the other end of the attack vector is retail banking, aimed at consumers, who are not often attacked for a variety of reasons. The first reason being the U.S is a credit-based society – customers carry low checking balances (whereas in EU and other regions, retail is attacked heavily). There is also a low speed of money movement and lack of robust functionality for retail. This channel is still quite slow to move money out of a personal account to another bank. Consequently, security for retail customers has basically gone unchanged for the past 5-7 years for several reasons: low risk, low money movement, and low number of attacks.

Historically, consumers view security as “the bank’s problem” and tend to pushback on requirements to use additional security they view as inconvenient. Regulatory protection for consumers exists requires reimbursement for any fraud losses. The trend on the consumer side is to provide a hardened browser for the user to leverage for banking. This is a strong step in the right direction, although limiting in portability and also does not address the mobile sector, which s increasing growing with the rise of the smartphone adoption. The security on mobile devices is largely overlooked as attacks are rare, but this sector will see an increase in attacks as mobile banking continues to grow. New ways of managing money are new targets for attackers.

So what does the future hold? Well for corporate banking strategies, it will mean implementing PKI into the mix. Public Key Infrastructure (PKI) is a cryptographic technique, which enables users to securely communicate on an insecure public network, and reliably verify the identity of a user via digital signatures. 2012 will see banks dramatically improving their corporate banking security with many launching full PKI initiatives to protect ACH fraud - which is the only effective way to address it. While most projects will not complete in 2012, the tipping point will be in sight if not reached already.

Retail banking will begin to evolve and require legitimate security. As customers demand more robust functionality for retail banking, security will become the limiter in what banks can safely deliver. In a new survey, 2012 Faces of Fraud, 58%of the 200+ respondents indicated their institutions would see increased fraud resources this year, yet only 11% have fully conformed since the FFIEC guidance was updated last summer. The need to invest is stronger security technology is here, and banks will begin to recognize this necessity as regulations become tighter.

Mobile banking security will also become a top priority this year and in the years to come. Speculation on FFIEC guidance for mobile is coming, setting requirements to add security elements. Attacks at the mobile channel will proliferate until security is added. To fight this, banks will layer a secure web browsing experience with other technology like one-time passwords (via the mobile phone) for stronger protection.

On the consumer-side, customers will start to demand and expect security. As the demographic of the customer base shifts to a generation that is more familiar with the Internet, customers will put increasing pressure on banks to improve security (and functionality). This new group of consumer knows the threats that exist today online and will begin to pullback from the channel if security is not improved. That said, security could become a new line of business for bank-to-bank relationships, mirroring the correspondent banking relationships that exists today.

  • My comment
  • Comments [10]

Add new comment

06.24.2014 | link wrote:

All you've to do is fill in the form and it is likely to make a customized '. Because the duvet itself is washable, you are able to launder it regularly to cut back dust along with other allergens. This is a great example of taking advantage with the space you have around your laundry room essentials. Next run the washer while it really is empty using trouble.

06.25.2014 | read more wrote:

It's very straightforward to find out any topic on net as compared to books, as I found this piece of writing at this website.

06.26.2014 | video wrote:

Pretty great post. I simply stumbled upon your weblog and wished to say that I have really loved browsing your weblog posts. After all I will be subscribing to your rss feed and I hope you write again soon!

06.26.2014 | Recommended Res... wrote:

I was very pleased to uncover this great site. I want to to thank you for your time due to this wonderful read!! I definitely enjoyed every part of it and i also have you saved as a favorite to look at new things in your site.

11.02.2014 | Chicagoland Gar... wrote:

Right here is the right web site for anyone who wants to understand this topic. You know a whole lot its almost tough to argue with you (not that I really will need to…HaHa). You definitely put a new spin on a topic that's been discussed for many years. Great stuff, just excellent!

11.16.2014 | website anytime wrote:

This is my first time pay a visit at here and i am genuinely impressed to read everthing at one place.

11.26.2014 | Silas wrote:

It's perfect time to make some plans for the future and it is time to be happy. I've read this submit and if I may just I want to counsel you some fascinating things or suggestions. Maybe you can write next articles relating to this article. I want to learn even more things about it!

11.30.2014 | Freddy wrote:

I know this site presents quality depending articles or reviews and extra information, is there any other site which gives these information in quality?

12.01.2014 | Lynwood wrote:

Have you ever considered publishing an e-book or guest authoring on other blogs? I have a blog based on the same subjects you discuss and would really like to have you share some stories/information. I know my subscribers would enjoy your work. If you're even remotely interested, feel free to send me an e mail.

12.03.2014 | investing magazines wrote:

I believe what you composed made a ton of sense. But, what about this? suppose you composed a catchier post title? I ain't saying your content is not solid, but suppose you added a post title that grabbed a person's attention? I mean SPECIAL FOCUS Safer eBanking Part 2: The security landscape today AND tomorrow | Just Ask Gemalto is a little boring. You might peek at Yahoo's home page and note how they write article headlines to get viewers to open the links. You might try adding a video or a picture or two to grab people interested about everything've got to say. In my opinion, it would bring your blog a little bit more interesting.

Related content

Tips [0]

No results are available with these criteria.

News [0]

No results are available with these criteria.

Focus [0]

No results are available with these criteria.

If you do not findthe answer you're looking for...

Ask your question