Articles about Banking

Robbing a bank used to involve a mask, a gun and a fast car, but these days it's more likely to be done via the safer and no less lucrative means of a cyberattack.

A new report from cloud security specialist Carbon Black, based on responses from CISOs at 40 major financial institutions -- including six of the top 10 global banks -- seeks to better understand the attack landscape.

Continue reading →

A new study from vulnerability assessment specialist Positive Technologies shows that banks have built up strong defenses against external attacks but still struggle with internal threats.

Whether they use social engineering, vulnerabilities in web applications, or the help of insiders, as soon as attackers access the internal network of a bank, they often find that it's secured no better than companies in other industries.

Continue reading →

The percentage of critical vulnerabilities in online banking systems is falling, but two thirds still contain at least one critical vulnerability according to a new report.

Enterprise security specialist Positive Technologies has released its Financial Application Vulnerabilities Report, drawn from audits performed by the company.

Continue reading →

The proceeds of cyber crime make up an estimated eight to 10 percent of total illegal profits laundered globally each year, amounting to an estimated $80-$200 billion.

This is among the findings of a new report, commissioned by virtualization-based security company Bromium, into the economics of cyber crime and how criminals launder and 'cash out' the profits of their endeavors.

Continue reading →

Analysis of the internet presence of 25 out of 50 top US banks reveals a worrying number of online security flaws.

Threat management company RiskIQ used its Digital Footprint product, which provides a real-time inventory of all internet-facing assets, including the components running on assets that may expose the organization to vulnerability risk. It also correlates newly discovered vulnerabilities with internet-exposed components and assets, highlighting those at risk to inform patching and remediation planning.

Continue reading →

GDPR affects all companies that engage with EU citizens, even if they have no physical presence in the EU, but a new study reveals that some major US firms still have websites that don’t comply.

The research by digital threat management company RiskIQ looks at 25 of the 50 largest banks in the US (as of 2017) and finds significant security gaps in personally identifiable information (PII) collection.

Continue reading →

Researchers at SpiderLabs, the research arm of Trustwave have released results of their investigations into a major attack targeting Eastern European banks.

The attack uses mules to open new accounts with minimal deposits and, crucially, request a debit card. When the new card is delivered it's shipped elsewhere and hackers then use stolen credentials to manipulate the bank's systems and raise the overdraft limit, allowing cash to be drawn from ATMs.

Continue reading →

The world of banking is about to be transformed. In January 2018, the second Payment Services Directive (PSD2) will be incorporated into UK law, obliging banks to provide other organizations with access to their customers’ financial information. Known colloquially as the "open banking" directive, the new law is intended to end the monopoly of big banks and to provide consumers with a much wider range of financial services providers to choose from.

There are many technical and cultural difficulties that banks will need to overcome in order to comply with the new directive, but perhaps the most serious challenge is how to implement PSD2 without bringing themselves into conflict with another impending piece of legislation; the European Union General Data Protection Regulation (GDPR).

Continue reading →

If you thought there weren't enough digital "Pay" platforms in the United States... you would be in a class by yourself. Nevertheless, there is a new option in the ever-expanding "digital wallet" marketplace.

The latest entrant is Citibank, the US's fourth-largest banking institution. Its unique take in this crowded space is its integration with Masterpass -- Citi customers can check out online and in-app anywhere Masterpass is accepted by using their existing online banking credentials.

Continue reading →

Most major U.S. banks today seem to be singing the same tune, when it comes to acknowledging the potentially transformative impact Open API could have on their fortunes. Be it enabling reduced time to market, or helping reimagine the customer experience with personalized core and value-added services, the wide-ranging promise of Open API is not lost on banks.

And, many U.S. lenders are beginning to walk the talk by sharing customer data with third parties through rollout of application programming interfaces (APIs). Bank of America recently announced plans for an API-driven information sharing agreement with two data aggregators, conditional upon its customers giving consent for the same. Wells Fargo and JPMorgan Chase, too, have struck partnerships with third-party service providers and data aggregators like Finicity, Xero and Intuit to allow the latter to import their customer data.

Continue reading →

A cybersecurity incident involving a bank's online banking services costs the organization $1,754,000 on average, around double the price of recovering from a malware incident.

This is among the findings of Kaspersky Lab's Financial Institutions Security Risks survey released today, which shows that 61 percent of cybersecurity incidents affecting online banking come with additional costs for the institution targeted. These include data loss, loss of brand or company reputation, confidential information leaks, and more.

Continue reading →

Barclays is fighting back against fraud by offering its users more power over when and how their debit cards can be used. According to its announcement, customers will be able to instantly turn a card "on" or "off," disallowing remote purchases. They will also be able to set their own daily ATM withdrawal limits through the Barclays Mobile Banking app.

The new controls are part of the £10 million nationwide drive to increase the public’s awareness of financial fraud risks.

Continue reading →

Around a quarter of banks are struggling to identify their customers when delivering digital and online banking services, according to Kaspersky Lab.

The latest findings from its Financial Institutions Security Risks survey show that 38 percent of financial institutions surveyed confirm that balancing prevention techniques and customer convenience is one of their specific concerns.

Continue reading →

Lloyds Bank customers will soon be able to log into their accounts through fingerprint scanners and facial recognition technology, rather than typing in passwords. According to the bank, it has teamed up with Microsoft to bring the Windows 10 authentication technology to its customers.

The biometric authentication technology, which Microsoft named Windows Hello, uses a combination of infrared technology and advanced software to identify the user in various lighting conditions. It was also emphasized that fraudsters can’t bypass the security measure by using a photograph.

Continue reading →

Back in February of this year researchers at Kaspersky Lab uncovered a series of mysterious fileless attacks against banks where criminals were using in-memory malware to infect banking networks.

A recent investigation into a Russian bank ATM, where there was no money, no traces of physical interaction with the machine and no malware, has thrown further light on this activity.

Continue reading →