According to an article from Financial Times, a security company named Bronzeye has identified risks in the banking field and has addressed these risks to the FCA (which stands for the Financial Conduct Authority). Although they were properly informed of the severity of such risks, it appears that the FCA did nothing to raise awareness on customers or even find the right cure to the problem.
The loophole would give hackers and crackers unquestionable access to the most important banks, mostly in Europe, with all the negative consequences that such access would have. The security issues had to do with the use of inappropriate two-step authentication and are in direct correlation with the recent vulnerabilities that have led to the compromise of more than 100 banks in Eastern Europe (with a loss of $1 billion).
The latest revelation was made public by Kaspersky Lab, although it is not exactly recent – instead, there are traces back in 2013 and the malware used has been able to extract money from ATMs. According to the report from the security firm, Europe had been targeted and especially Great Britain and Sweden, Russia and Ukraine. In addition, targets included China and India, as well as the United States.
The FCA commented on what needs to be done with banks, when it comes to cyber security: “We are focused on ensuring the right outcomes based on our three operational objectives. We expect firms to provide redress for consumers impacted by cyber crime, consumers should not lose out as a result of cyber crime.
Management and oversight of the systemic cyber risks lie with the Bank of England and Prudential Regulation Authority supervision.” However optimistic such a point of view is for the customers, in reality we find that things are quite different and systemic risks in the security of banks are not dealt with as they should.
Cyber-warfare on the Rise
This document brought to light by the Financial Times is certainly discouraging, but it is not the only proof that we have on cyber-warfare affecting banking institutions. Bankers should become truly aware of the risks emerging from faulty security layering. Even with two-factor authentication, when not performed properly, there is some serious risk of compromising banking accounts and stealing great amounts of money alongside with sensitive data.
Imagine being able to remove millions from accounts and deposit them somewhere else, simply with the use of malware and without having to actually jeopardize anything in return. As this is a growing phenomenon, it is worth looking back on some of the major security breaches that are linked to money and data exposure and compromise that have shaken our belief in the banking system altogether, shall we?
Major Incidents of Banking Security Breaches Internationally
Here, we have gathered some of the most notable data breaches and security alerts that have to do with the banking system internationally. These incidents have all troubled the authorities, due to their severity and the grave impact that they have had on global economies.
- JP Morgan Chase: If we were to ask about the most striking data breach in the field of banking, a lot of people would definitely recall JP Morgan Chase without any second thought. With over 76 million households and small businesses exposed, this cyberattack has been among the most powerful ever completed online globally. It is worth noting here that Jamie Dimon, who is the Chairman and chief executive of JP Morgan, was not that optimistic about dealing with such breaches: “We’re making good progress on these and other efforts, but cyberattacks are growing every day in strength and velocity across the globe.”
- Global Payments Inc: This serious vulnerability of 2012 was responsible for credit card information linked online. Although unauthorized transactions have been eliminated, Global Payments still had to deal with the distress of customers.
- Target Data Breach: Back in 2013, the nightmare of Christmas resulted in a huge data breach in Target. It has been estimated that over 70 million customers of Target stores have had their credit and debit card information compromised and this just happened within a short time period.
- Citibank: In 2011, Citibank had to confront with the severity of credit card data leaked. There were over 200,000 credit card holders involved in the data breach, with the company settling for monetary compensations.
- Heartland: Perhaps the first grave problem that had to do with credit card processors and affected so many (with over 130 million cards) was that of Heartland in 2009. The computers of the company were breached and then Hell broke loose!
- Nasdaq: Although this is not directly a banking issue, nobody can argue that penetrating Nasdaq has brought uncertainty to global markets in 2011. The FBI was prompt to encounter the threats online, but the same cannot be told for the growing concern of the people.
This is just a fraction of what has happened within the past few years, targeting both money and sensitive data from the users of credit and debit cards all over the world. This is why it is of paramount importance to remain vigilant and not invite trouble online to our end.
Of course, customers can proceed with the necessary security precautions (including regular changes of passwords, anti-virus that is always up to date and not having their money in one bank etc.); still, bank institutions have to work harder and come up with the proper defensive line that will lead to solid protection online. All bankers, investors and advisers out there need to admit that hackers are still in and stop ignoring them.