Financial sector’s web authentication practices, apps called into question
February 18, 2014

The financial services sector has been among the biggest targets of cybercriminals in recent years, as hackers have found ways to commit digital bank heists with exceptional accuracy and relentless frequency. Part of the problem might be that new technology is being deployed rapidly while relevant regulatory compliance statutes are still slow to keep pace.

For example, many banks are deploying mobile apps and other digital options through which customers can complete transactions, while those in charge of access management might not fully understand the best practices for keeping data safe in these environments. One thing is for sure, though – financial institutions that do not have proactive and comprehensive security protocols in place will be at a much greater risk of experiencing a breach.

Once a breach of a bank occurs, the damages are often massive for the customers and the institution itself, as financial data is some of the most sensitive information stored on the Internet today. Although financial institutions need to keep up with the progression of customer demand for new technology, they also need to take more targeted and planned steps to maintain complete control of user access and authentication throughout the process. 

Lawsuit filed following cyberheist
KrebsOnSecurity recently reported that one California-based escrow firm is suing the bank responsible for the $1.5 million cyberheist that led to the company's eventual demise. While this case is very much in its early stages, certain facts are already on the table, including that three fraudulent wire transfers were conducted between Dec. 2012 and Feb. 2013, the source explained.

This highlights one of the more important points about proactive privacy and data protection: long-term theft is often the most damaging. Organizations that do not have any structures in place to quickly identify abnormalities or instances of breach will often suffer the more damaging consequences, as immediate recognition could have cut the price of this specific cyberheist down to a third of the final tally.

According to the news provider, the Uniform Commercial Code, which California-based banks are subject to, places the blame in these matters on the financial institution in many instances. KrebsOnSecurity cited the following from this legislation:

"Effective as the order of the customer, whether or not authorized, if the security procedure is a commercially reasonable method of providing security against unauthorized payment orders, and the bank proves that it accepted the payment order in good faith and in compliance with the security procedure and any written agreement or instruction of the customer restricting acceptance of payment orders issued in the name of the customer."

While backend system control and general multi-factor authentication might have been able to prevent this issue or minimize the damages, banks must also remember that apps pose a significant risk. 

Almighty iPhones app security blunder
Tom's Guide recently reported that a new study from researcher Ariel Sanchez revealed that 40 iOS-compatible banking apps have security flaws. According to the source, Sanchez believed that there were several reasons behind these vulnerabilities, including the fact that every single one could be used on a jailbroken device. 

However, the biggest suggestion this security expert gave to the news provider was that multi-factor verification could mitigate the majority of the vulnerabilities contained within the tested apps. In fact, fewer than one-third of the apps had any form of authentication solution in place, leaving them at extreme risk of breach and malware attacks, Tom's Guide noted.

With multi-factor authentication and total access management solutions, financial institutions can get a better handle on the security concerns of the modern era.