18 September 2014


David Lock - Insider Technologies


Banking - Mission: Impossible in disguise?

19 June 2013

Bankers have a reputation for being very conservative and, well, frankly, boring. As an ex-banker I’d like to defend this and say that rather than the image of grey-suited accountants, they should be seen as heroes like Tom Cruise in Mission: Impossible. After all, bankers are in the risk business and are taking risks every day.

Here in Malaysia, bank branches have a little more edge to them, with armed guards casually caressing shotguns and looking very bored. You don’t get that in sleepy Norfolk, where I live when I’m in the UK. The point is that bankers adapt locally to the risk, and balance the risk against how to mitigate it. A branch has the possibility of getting robbed, and the bank puts in compensating controls to reduce that risk, but short of never letting anyone in the branch it will always have the possibility of getting robbed.

A recently published report by an ethical hacking group about industries and their protection against security breaches gave me a new perspective on data security in banking, especially in light of the recent frauds against Middle Eastern banks. Some interesting things struck me about their figures. The banking industry was one of the better protected, but does take a long time to close loopholes once discovered. Also, 71% of banks had systems that track online fraud. Put another way, that means, staggeringly, that 29% do not.

The reality is that, as with being robbed, banks will suffer data breaches. This is a worldwide threat. The risk can be mitigated by many security controls, and some recent breaches were made remarkably easy by merchants and processors using non-secure ‘root’ passwords. This is the equivalent of leaving the vault door open and letting the security guard have an afternoon sleep.

It is equally important that, should a breach happen and a bank be impacted financially, they know as soon as possible and can reduce the impact. In the card world they need to ensure they are checking for unusual transactions. This cannot be done the next day by looking at a couple of paper reports that reach a desk around lunchtime, an approach still used by a surprising number of banks. This needs to be done on a 24/7 basis. After all, it only took 24 hours to take out $40m in one recent fraud.

I appreciate none of this is quite as exciting as Tom Cruise swinging from very tall buildings, but in an age when the cyber heist is one of the most lucrative criminal occupations, diligence is the key attribute to reduce fraud risk.

Tags: Payments, Risk & regulation
