Author:
Alexander Tretiyak
Remote banking systems – a glass door to an iron room
Much has been said about the benefits that banks and customers gain from remote banking systems. The advantages are clear: fast interaction between the bank and the client, easy management of accounts, the systems' high information content, and 24/7 access. But what about the security of these systems?
In their information materials, banks usually mention only the use of a secure connection and a digital signature under the heading of security. Is this information enough for the client? Is it clear to him? What should the client know about the security of using remote banking systems? These questions are especially relevant given that the client can read about fraud involving internet banking systems growing at 200% per year, about losses in the millions caused by such fraud, and about the discovery of ever more vulnerabilities in operating systems and software.
To secure the client's confidence in remote service systems, the bank needs to build its communication on this issue competently. And, obviously, the bank is obliged to take all possible measures to justify that trust.
The first difficulty that banks face is correctly defining the client's responsibility for the security of transactions made through internet banking systems. On this issue banks usually, and mistakenly, go to one of two extremes:
- either they praise the security of their system, giving the client the false confidence that the bank will protect him under any circumstances and that nothing is required of him;
- or, on the contrary, they burden the client with a huge list of requirements and restrictions, which causes the client to panic and sometimes to refuse to use the system.
In our view, to avoid the negative effects of miscommunicating the security of internet banking systems, the emphasis should be placed on the following points:
- the client should know and understand that his workplace gives him user access to the remote banking system, and that if the workplace is compromised by fraudsters, they will receive this access too;
- it needs to be explained to the client that cyber fraud, like flowing water, takes the "path of least resistance". A client who is concerned about the security of the bank's systems should understand that those systems will be attacked only if they are easier to hack than the client's workplace;
- the bank protects its systems using the best available mechanisms and practices, since a compromise of the bank's systems would have far greater negative effects than a compromise of individual customers;
- the recommendations on the safe use of internet banking systems are dictated by necessity and are based on the expertise of the bank's specialists;
- if the client's workplace is compromised and a fraudulent payment is created, the bank receives an entirely legitimate payment order that it must execute. A fraudulent payment can be identified only on the basis of indirect signs;
- the bank does not seek to interfere in how the client organizes his information security and has limited ability to monitor whether the client follows the recommendations, but it is very interested in the quality of this work;
- additional protective measures and two-factor payment authorization are effective and allow the bank to insure the customer.
Thus, the client needs to be informed that by using remote banking systems, both the client and the bank not only gain additional opportunities but also take on additional obligations, the fulfilment of which will ensure safe and comfortable operation.