Logical security of RBS: past, present, future.
Denis Gasilin, Head of marketing, SafenSoft
Source: Banking technologies, No. 6, 2013
Remote banking service (RBS) benefits all participants in the credit and financial markets. Year after year, customers of financial institutions gain more control over their accounts, while organizations reduce office maintenance costs and can offer customers additional services. But this explosive growth benefits not only banks and users of the services but also a third party: cybercriminals. Traditional security measures are not keeping pace with the market, so the damage from fraud in RBS systems in our country is already about $100 million a year, and by 2015 total losses could reach $171 million.
RBS can be divided into three types.
- Self-service devices (ATMs, POS-terminals and kiosks) have long been firmly established in our lives. The growing number of services offered to customers through ATMs increases the «attack surface» available to potential intruders. Attacks on ATMs and ATM networks take many forms, from crude attacks that cause system failure, as in the March attack on a South Korean bank, to covert introduction of malicious code into the devices themselves. According to the 2012 report by ATMIA experts, logical threats to ATMs have already reached third place among the major threats, and only new information security technologies can stop or at least slow this disturbing trend: traditional approaches, which require broadband Internet access and significant resources, do not work in the reduced ATM software environment.
- Mobile banking, delivered mainly as applications for mobile devices such as tablets and smartphones, is the newest of the three types of RBS. According to research by Digital Security covering the iOS and Android banking applications of the country's 37 most popular banks, all mobile banking applications in Russia contain at least one vulnerability. Particularly dangerous is the concept of integrating banking services with «extra» services such as social networks. It is worth noting a peculiarity of Android app distribution: malware is often distributed through the official online store, Android Market. According to data from December 2011, about 30% of all Android viruses spread through this channel. With the recent arrival on the market of mobile devices running Windows 8, gadgets have more and more vulnerabilities, while their hardware resources are used to capacity.
- The third type of RBS is the familiar and long-established Internet banking. Recently, this type of RBS has been used mostly by legal entities from workstations within the organization, leaving individuals and their payments to mobile banking. Since operations are carried out on conventional computers, the whole range of traditional threats is relevant for companies using the service. The best-known malicious program in this area in our country is the Carberp Trojan, which is constantly being upgraded by its creators; the latest modification was detected in March 2013.
Each new piece of malware, or modification of an old one, initially spreads through the attacked organizations before the virus databases are updated. Each time, this shows that conventional protection systems based on the «black list» principle are not capable of withstanding attacks on RBS. Cyber criminals are constantly improving their tools, and the only way out of the situation is protection based on proactive technologies and the principle of «white lists», which prevents unauthorized changes to the system regardless of whether or not the executable code is in the virus database.
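The contrast between «black list» and «white list» protection described above, as an added example that is not part of the original article or any vendor's product code. It assumes both lists are sets of SHA-256 hashes (a simplification of real signature databases), and every sample name and byte string is constructed for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed byte strings standing in for executable file contents.
ATM_APP = b"constructed: approved ATM dispenser application v1"
KNOWN_TROJAN = b"constructed: banking trojan, build A"
NEW_VARIANT = b"constructed: banking trojan, build B"  # modified, not yet in the database
TAMPERED_APP = ATM_APP + b" + injected code"           # unauthorized change to approved code

# Black list: hashes of code already present in the virus database.
BLACKLIST = {sha256(KNOWN_TROJAN)}
# White list: hashes of the executables approved for this device's baseline.
WHITELIST = {sha256(ATM_APP)}

def blacklist_allows(data: bytes) -> bool:
    """Default-allow: anything the virus database does not know may run."""
    return sha256(data) not in BLACKLIST

def whitelist_allows(data: bytes) -> bool:
    """Default-deny: only code matching the approved baseline may run."""
    return sha256(data) in WHITELIST

SAMPLES = {
    "approved app": ATM_APP,
    "known trojan": KNOWN_TROJAN,
    "new variant": NEW_VARIANT,
    "tampered app": TAMPERED_APP,
}

def compare(samples: dict) -> dict:
    """Map each sample name to (black list decision, white list decision)."""
    return {name: (blacklist_allows(data), whitelist_allows(data))
            for name, data in samples.items()}

if __name__ == "__main__":
    for name, (bl, wl) in compare(SAMPLES).items():
        print(f"{name:13} black list: {'run' if bl else 'block':5} "
              f"white list: {'run' if wl else 'block'}")
```

The two lists disagree only on the new variant and the tampered application, which are exactly the cases that exist before a virus database update.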