Cyber threat to Digital/Mobile banking


    In News

    • Recently, Global cybersecurity firm Kaspersky warns of an increase in cyberattacks on Android and iOS devices in the Asia Pacific region.

    About the recent survey 

    • According to a 2020 Statista survey of five thousand odd households across 25 States in India, two-third respondents said they had a smartphone.
      • Of these, half said they sent and received money digitally, and about 31% said they had a mobile app for banking. 
      • Nearly 14% said they used their mobile phones for banking-related purposes.
    • This number further jumped as the COVID-19 pandemic made a lot more people switch to digital modes of payment instead of transacting with cash.
      • This acceleration brings along with it vulnerability: an increased threat of cyberattacks on mobile devices.  

    What is Cybersecurity?

    • Cybersecurity is the practice of protecting electronic systems like computers etc. and data from malicious attacks. 
    • It is also called Information technology security or electronic information security. 
    • Cybersecurity means the body of technologies and practices designed to protect networks, devices etc. from attack, damage from any unauthorized access.


    What is the need for Cybersecurity in digital banking?

    • Protecting the customer’s assets
      • The primary purpose of Cybersecurity in digital banking is to protect the customer’s assets. As people go cashless, more and more activities or transactions are done online.
    • Recovering the data or information
      • Cybercrimes in digital banking not only affects the customer, but it also affects the banks while they attempt to recover the data. The banks may require spending a considerable amount of money to recover the data or information.
    • Trust
      • A strong Cybersecurity is a must for banks as data breaches may make it tough to trust financial institutions. It may cause severe problems for banks.

    Facts/ Data 

    • Which country has the most digital bankers? 
      • Brazil leads the way for digital bankers in 2022, with 43% of those surveyed saying they have an account. Brazil is followed by India (26%), Ireland (22%), Singapore (21%), Hong Kong (20%), United Arab Emirates (19%), Mexico (17%), Spain (17%) and South Africa (15%).
    • All countries are expected to see an increase again by 2027. 
      • On average, 34% of people worldwide will have a digital bank account within the next 5 years, up from an average of just 19% in 2022.
    • Adoption highest with younger people 
      • Individuals that are most likely to have a digital bank account in Brazil are ages 25–34 (55%), Malaysia ages 18–24 (20%), Philippines ages 35–44 (16%), Ireland ages 25–34 (34%), Mexico ages 25–34 (22%), Hong Kong ages 35–44 (23%), Singapore ages 18–24 (39%), United Arab Emirates ages 18–24 (31%), Germany ages 35–44 (17%), Spain ages 18–24 (22%), South Africa ages 35–44 (18%), India ages 18–24 (33%) and Portugal ages 18–24 (22%). 
    • Men VS Women
      • Men are more likely to have a digital bank account than women, with 29% of men compared to 23% of women saying they have an account. 


    Threats for Cybersecurity in Digital Banking


    •  Unencrypted data
      • It is one of the common threats faced by the banks where the data is left unencrypted, and hackers or cybercriminals use the data right away, thereby creating severe issues for the financial institution.
    •  Malware
      • End to end-user devices like computers and mobile devices are mostly used for conducting digital transactions; therefore, it must be secured.
    •  Third-party services
      • Many banks and financial institutions use third-party services from other vendors to serve their customers better. However, if these vendors don’t have a tight Cybersecurity measure, then the bank that has employed them will suffer badly.
    •  Spoofing
      • The cybercriminals will impersonate a banking website’s URL with a website that is similar to the original one and functions the same way and when the user enters his or her login credentials that login credentials are stolen by these criminals and use it later.
    •  Phishing
      • Phishing means the attempt to get sensitive information such as credit card details etc. for malicious activities by disguising as a trustworthy entity in an electronic communication.

    What are the challenges relating to Cybersecurity in digital banking?


    •  Lack of Awareness
      • Awareness among the people regarding Cybersecurity has been quite low, and not many firms invest in training and improving the overall Cybersecurity awareness among the people.
    •  Inadequate Budgets and Lack of Management
      • Cybersecurity is accorded low priority; therefore, they are most of the time neglected in the budgets.
    •  Weak Identity and Access Management
      • Identity and access management has been the fundamental element of Cybersecurity and especially in these times when the hackers have the upper hand; it may require only one hacked credential to enter into an enterprise network.
    •  Rise of Ransomware
      • Cybercriminals are starting to use methods that avoid them to be detected by endpoint protection code that focuses on executable files.
    •  Mobile devices and Apps
      • Mobile phones have become an attractive target for hackers as we see a rise in mobile phone transactions.
    •  Social Media
      • Adoption of social media has led to hackers to exploit even more. Less aware customers put out their data for anyone to see which is exploited by the attackers.
    •  Trojans let loose
      • One mobile banking trojan, called Anubis, has been targeting Android users since 2017.
      • Roaming Mantis is another prolific malware targeting mobile banking users.

    Way forward

    •  Integrated Security
      • Moving towards integrated security where all components work and communicate together is more beneficial.
    •  Machine Learning and big data analytics
      • Analytics is an essential element in leveraging cyber resilience. A new generation of security analytics has come out which can store and assess a huge number of security data in real-time.
    •  Understand the importance of security
      • The mindset where security is seen as a cost must make way for security as a plus. The risk of security threats and its impact must be analyzed then only the importance of security can be truly understood.
    •  Invest in Next-generation endpoint protection
      •  Banks and institutions must invest in technologies that can recognize and eliminate the practices and actions used in exploits.
    •  Protect information
      • Today the data is stored in different devices and in the cloud, so every system that holds the sensitive data must be protected with security.
    •  Consumer Awareness
      • It is one of the important aspects where the consumer must be made aware of not disclosing their banking credentials to anyone.
    •  Anti-virus and Anti-malware applications
      • A firewall may increase protection, but it won’t stop an attack unless updated anti-virus and anti-malware applications are used.

    Source: TH