By Dave Waterson, CEO, SentryBay
Over three quarters of UK adults are now using online banking services, according to Statista. The convenience of being able to instantly access and check a bank account, make payments, set up direct debits and invest savings has driven adoption of this service, and helped banks to significantly lower their administration and physical estate costs.
With very few exceptions, banks have implemented stringent security to protect their own systems and to comply with regulations. However, cybercriminals, adept at finding new avenues of attack, have turned their attention to banking customers instead. This is why malware designed to steal passwords and log-in details and phishing attempts are now the most common scams perpetrated on customers during the online banking process.
Despite the regularity with which consumers use online banking and their understandable security concerns, all too often the devices they use to access their accounts are insufficiently protected. This could be because their security software is out of date, it doesn’t extend to guarding against specific types of attack, or it has never been loaded. The fact is, however, that from the second that a keystroke is made, if malicious keylogging or screen grabbing malware has already infected the device, the consumer is vulnerable to attack.
Keylogging, which is ranked as one of the world’s most prevalent malwares, is covertly installed to record keystrokes which can later be used to steal passwords and log-in details, as well as all information entered during the banking session. Screen grabbing uses an automated website to impersonate a web browser so it can extract data or perform actions, such as inputting log-in details, that a user would normally perform manually.
The need for fortification
While smartphones have an element of security built into the device itself, this won’t necessarily protect users from malware which can be easily downloaded from malicious texts or from the inadvertent opening of an email attachment. When it comes to desktop PCs and laptops, standard anti-virus solutions need further fortification if they are to fully protect users against the constantly evolving cyberattack landscape.
Banks of course have no control over the desktop PCs, tablets or mobile phones that their customers are using. This is why a growing number are working with specialist cyber security providers to white label applications that can be easily downloaded by their customers from secure banking portals and which will protect individual interactions with the bank’s online service.
Solutions like our own BankSafe are designed to deliver a protective shield to customers, regardless of the device they are using, and they are effective at preventing identity-theft, such as the stealing of passwords, phishing attempts, screen grabbing and ransomware. These applications work in tandem with the default browser, targeting malware before it even hits the device. BankSafe, for example, combats all threats without needing to identify them first. It will also guard against another common threat – card-not-present fraud – which occurs during transactions, such as eCommerce conducted online.
Meeting compliance requirements
For the banking industry, there is another important factor to take into consideration – compliance. The impact of the Covid-19 lockdown, an increase in remote working, and a rise in online activity has created a backdrop of increased scrutiny when it comes to regulations such as PCI DSS, HIPAA, GDPR, FFIEC layered security and internal infosec requirements. So solutions that help customers to be protected easily whenever they use a bank’s services online will also help to enhance that bank’s risk profile and make it easier for them to meet regulatory requirements and international laws and local guidance.
Ease of use is essential. If banks are to ensure that customers adopt these security applications, they need to be easy to install and require no special configuration. In addition, the solution should protect not just against known malware but undetected malware too, ensuring that personal financial transactions are futureproofed against breaches.
With payment fraud expected to increase exponentially, customers are looking to their banks for reassurance that they can interact securely with them. Solutions designed to shield all of their transactions from risk will serve to provide a seamless, secure online banking service. In addition, as banks continue with their digital transformation processes, delivering online user experiences that are memorable only for their excellence, and not for any dangers they might present, will become essential. That’s why they should be proactive in extending security solutions direct to customers.