News & Press | ebankIT

The rising threat: understanding the challenges of cybersecurity

Written by ebankIT | Apr 24, 2019 8:10:00 AM

Security is paramount in digital banking. As technology continues to evolve, security measures must be constantly adapted to ensure that financial institutions offer their account holders the utmost protection for their assets.

Protecting digital assets: a key challenge for financial institutions

In a highly digitalized age when information is the most valuable asset and easily accessible at any time, place, or device, new security concerns arise. 

Cybersecurity has become the watchword for any business or company with digital channels, but even more so for those whose offerings are entirely developed and deployed in virtual environments.

With so much sensitive information, both private and corporate, circulating in the digital space, there has been an increase in cyberattacks intended to access, alter, or destroy data, as well as to disrupt essential services and infrastructure.

Are banks prepared for the new wave of digital threats?

As the prime targets for cybercriminals, banks have been at the forefront of cybersecurity for years, aiming to protect the vast amount of sensitive information from their clients, both personal and corporate.

However, variables such as the increasing number of user-operated devices, the high adoption of digitization to create unique customer experiences, and innovative hacking strategies have drastically raised the threat level, further enhanced by the disruptive regulatory landscape of the banking industry.

The requirements for PSD2 Compliance and Open Banking implementation, despite being a significant step for consumer rights and banking transparency, pose major threats as third-party providers gain access to consumers’ banking information. These API infrastructures are prime targets for cyberattacks, as most traditional security systems have proven inadequate at keeping them secure and inaccessible.


 

1. Mobile apps and web portals

Being the preferred option for clients to handle payments and transfers, mobile apps and online banking interfaces still exhibit critical security vulnerabilities. This is evidenced by a report from Positive Technologies labeling the financial sector as the "most susceptible to attacks," along with a study by Accenture revealing security concerns in 30 prominent banking applications.

2. Third-parties

While most banks invested in protecting their own systems and networks, they could not successfully monitor those of the third-party vendors they have come to rely on daily. Monitoring vendors for security vulnerabilities is mandatory going forward.

3. Cryptocurrency hacks

With many banks aiming to start trading cryptocurrency, questions regarding the security of digital currency have arisen. Considering recent events where financial institutions have been hacked and robbed of millions of dollars' worth of cryptocurrencies, a new approach to security is in order.

Is it possible for digital transformation to ensure security?

The truth is that there seems to be a wide gap between awareness and active preventive measures when it comes to cybersecurity. Studies show that despite 82% of companies reporting that their board members are concerned or very concerned about cybersecurity, operational implementation of security protocols is underwhelming at several levels: companies' internal security structures have not matured; security teams get involved in digital transformation projects too late or not at all; and, last but not least, only 43% of said board members lead by example and follow good security practices (source: ISACA).

97% of companies have been a victim of digital attacks, and yet only 22% are prepared to deal with incidents in the future

– source: i-scoop.eu

As the financial landscape is being reshaped to adapt to client and regulatory demands, going digital is no longer a choice but a must.

As such, the question banks and credit unions are facing is not whether they can take the risk associated with digital processes but rather how they can prepare in advance and minimize vulnerabilities.

Besides the change in internal culture and strategies to implement security measures in-house, the same or even stricter demands must be placed on all third parties and vendors involved in the digital transformation of traditional banks.

As a prime digital transformation enabler, ebankIT has been addressing the subject of privacy and security from an early start, continuously improving on each new update of its Digital Banking Platform.

As of the latest version, we’ve managed to address the most pressing subjects regarding current Cybersecurity concerns by continuously improving our architecture and gathering client feedback. Below is a brief breakdown of how our platform is prepared to face each risk-heavy aspect:

1. Safeguarding sensitive digital information

With a growing volume of sensitive digital information circulating among providers today, ebankIT has prioritized ensuring that this data is encrypted each time it moves between various applications and services.

Looking into the threats associated with sensitive digital information, there are three key moments to consider: when we move it, use it, and store it. For data in transit, our solution encrypts all sensitive information communicated between our apps and services. This provides an extra layer of protection, managed by us, even if the transport layer is partially compromised.

During an authenticated session, the authentication process ensures the protection of sensitive data. This data is transient and stored temporarily on the internal systems of banks, which undergo regular purging of information from past sessions to maintain security.

ebankIT's platform allows financial institutions to meet PSD2 legal requirements, which translates into higher encryption capabilities for stored information.

2. Real-time device monitoring and adaptive authentication

With so many digital devices operating at once, it’s critical to receive accurate real-time information about each one and make it possible to monitor any potential anomalies.

ebankIT's platform integrates with highly specialized fraud detection systems, allowing for adaptive authentication. Based on this external information, certain operations may be considered high-risk, so we require a second-level authentication to complete said operation. This can be provided by us or integrated with a third-party provider.

Additionally, users can monitor all mobile devices that use their access and immediately block them in case of a security fault. They can also activate access-related alerts, receiving notifications whenever someone tries to authenticate with their credentials.

3. Addressing cybersecurity challenges

Cybercriminals are becoming increasingly complex and innovative. To face the growing cybersecurity threats, one must stay one step ahead of the game.

Innovation is essential, and integrating with external systems enables continuous improvement by embracing the cutting-edge advancements of specialized technologies.

ebankIT can use machine learning to validate behavioral patterns through said systems and use their feedback to determine which actions to take regarding authentication at each moment.

Collaborating closely with cybersecurity experts and consultants who are dedicated to staying abreast of the latest advancements in digital security is crucial. Not only do they offer valuable insights, but they also conduct intricate vulnerability assessments on the ebankIT platform. Furthermore, we maintain ongoing communication with our clients' security teams, both internal and external, to gather additional feedback and recommendations to enhance our security measures.

4. Enhancing API security through secure customer authentication

PSD2 Compliance and Open Banking regulations already impose stricter security criteria than before. A prime example is the obligation of Secure Customer Authentication (SCA), which consists of multi-factor authentication.

It focuses on three categories:

1. Knowledge – “Something only the user knows” (passwords, etc.)

2. Possession – “Something only the user owns” (OTP sent to the client’s mobile) and

3. Inherence – “Something only the user is” (such as biometrics).

These standard security requirements will not only force service vendors to implement them in their solutions but also make financial institutions more aware of the need to invest in specialized fraud detection systems to avoid the exploitation of APIs.

From a client’s standpoint, it’s also worth mentioning that these third parties can access their information only through their explicit consent. Our platform allows the validation of said consent through standard security protocols.