The cyber threat to Digital/Mobile banking

Image Source - The Hindu

• Recently, the Asia Pacific area has seen an uptick in cyberattacks on Android and iOS devices, according to global cybersecurity firm Kaspersky.
• A recent study found that more consumers are gravitating toward digital payments and that an increasing number of people are using their cell phones to engage with their banks or bank accounts.
• Additionally, this acceleration introduces a vulnerability: a rise in the risk of cyberattacks on mobile devices.

Recent survey

• Two-thirds of respondents in a 2020 Statista poll of 5,000+ households in 25 States in India claimed they owned a smartphone.
• Of those, 50% claimed to send and receive money digitally, while roughly 31% claimed to have a banking mobile app.
• Nearly 14% of respondents claimed to conduct banking-related activities on their smartphones.
• This number increased even more as more people began using digital payment methods in place of cash transactions as a result of the COVID-19 pandemic.
• This acceleration brings along with it vulnerability: an increased threat of cyberattacks on mobile devices

The necessity for cybersecurity in online banking

Safeguarding the assets of the client

• The protection of customers' assets is the main goal of cybersecurity in digital banking. More and more activities or transactions are being done online as more individuals go cashless.

Recovering the information or data

• Cybercrimes in digital banking have an impact on both the customer and the institutions as they work to recover the data. For the banks to be able to retrieve the data or information, significant financial outlay may be necessary.

Trust

• Banks must have good cybersecurity because data breaches may make it difficult for people to trust financial institutions. It may pose major consequences for banks

Issues of Cyber Threats on Mobile Banking

Rising Cyber Attacks:

• A report by the cyber security company Kaspersky warns that as more individuals in the Asia Pacific (APAC) region convert to mobile banking, there will be an increase in cyberattacks on Android and iOS devices.

Trojan and malware usage

• Kaspersky claims that mobile banking Trojans are harmful viruses that can steal money from the bank accounts of mobile users by impersonating a trustworthy app to trick unwary users into installing the infection.
• For instance, the Anubis mobile banking malware has been primarily focusing on Android users since 2017.
• Additionally, its global ads have affected customers in Colombia, France, Germany, the United States, Denmark, and Vietnam.

Methodology:

• The attackers infect the device via high-ranking, legitimate-app-looking malicious Google Play apps, SMS smishing (phishing), and the BianLian malware, a different mobile banking trojan. Another common spyware that targets users of mobile banking is the Trojan, Roaming Mantis.
• The organization uses smishing exploits to take over domain name systems (DNS) and use them to attack Android devices and propagate malicious programs.

The issue with interoperability:

• As a result of changes in customer behaviour, many payment platforms, including Google Pay, Paytm, PhonePe, Square, PayPal, and Alipay, have benefited from the adoption of mobile banking.
• They've also permanently altered the payments game to their benefit as a result.
• These platforms work in a closed-loop payment environment where a Google Pay user can only transfer funds to another bank account through the search giant's payment service.
• In that they only permit financial transactions to take place within their respective networks and not between one another, Visa and Mastercard operate similarly.

Alteration of Business Model:

• Regulators who want open, standardized platforms with reduced entry barriers are contributing factors.
• Payment platform companies are already being forced by several nations to alter their business models.
• For instance, China has mandated that its internet service providers provide connection and payment services to rival companies on its platforms.
• A new regulation in India mandates that interoperability across wallets be available on all certified mobile payment services.

Lack of Security Professionals:

• The lack of technology, engineering, data, and security experts that banks need to realize their digital objectives tends to conceal a far larger issue, namely that banks are no longer the top employers for all types of talent.

Lack of Proper Cybersecurity Policy:

• The scarcity of skills in banking and the lack of adequate cybersecurity could result in an increase in cyberattacks on consumer devices.
• It also helps to be careful and extremely cautious when using a mobile device to make payments until this mismatch is fixed.

Threats for Cybersecurity in Digital Banking

Data not encrypted

• One of the most frequent hazards facing banks involves data that is left unencrypted and immediately used by hackers or other cybercriminals, causing serious problems for the financial institution.

Malware

• Digital transactions are typically carried out on end-to-end consumer devices like computers and smartphones, so they must be secured.

Auxiliary services

• To better serve their customers, many banks and financial institutions rely on third-party services from other suppliers. However, the bank that hired these companies will suffer greatly if they don't have strict cybersecurity measures

Spoofing

• When a user submits their login information, the criminals steal it and use it later. The cybercriminals will pose as a banking website's URL with a website that is identical to the actual one and performs in the same way.

Phishing

• Phishing is the practice of posing as a reliable entity in an electronic conversation in an effort to obtain sensitive information, such as credit card numbers, for harmful purposes.

Data

Which nation employs the most online bankers?

• Brazil will lead the way for digital bankers in 2022, according to a poll, where 43% of respondents said they have an account.
• Brazil is followed by Mexico (17%), Spain (17%), United Arab Emirates (19%), India (26%), Ireland (22%), Singapore (21%), Hong Kong (20%), United Kingdom (20%), and South Africa (15%).
• By 2027, a rise is anticipated in all nations.
• Within the next five years, 34% of individuals worldwide will have digital bank accounts, up from an average of just 19% in 2022.
• highest adoption rates among younger folks
• The age range in Brazil where people are most likely to have a digital bank account is 25-34 (55%), followed by 18-24 in Malaysia (20%), 35-44 in the Philippines (16%), 25-34 in Ireland (34%), 18-24 in Mexico (22%), 35-44 in Hong Kong (23%), 18-24 in Singapore (39%), 18-24 in the United Arab Emirates (31%), 35-44 in Germany (17%), 18-24 in Spain (22%), 18-24 in South Africa (18%), 18-24 in India (33%)

Women vs. Men

• With 29% of men and 23% of women reporting having a digital bank account, males are more likely than women to have one.

Way Forward

Comprehensive Security

• It is better to go toward integrated security, where all elements cooperate and communicate.

Analytics using big data and machine learning

• Leveraging analytics is crucial for maximizing cyber resistance. A new generation of real-time security analytics has been developed that can store and analyze a vast amount of security data.

Recognize the significance of security

• Security needs to be viewed as a benefit rather than a cost in people's perceptions. Only after considering the danger of security threats and their effects can the value of security be fully appreciated.

Spend money on next-generation endpoint security.

• Banks and other financial institutions need to spend money on technology that can identify and stop exploits.

Safeguard information

• Since sensitive data is now kept on several devices and in the cloud, every system that contains it needs to be secured.

Consumer Sensitivity

• The client must be made aware of the importance of keeping their banking credentials private in this crucial area.

Also, Read - the special marriage act 1954 UPSC