3 Serious Security Flaws Your Bank Doesn’t Want You to Know About

Online security compromises, like leaks regarding the NSA infiltrating private financial accounts and cyber-criminal attacks like Project Blitzkrieg, have raised concern about the effectiveness of security measures protecting sensitive account information.

To further complicate the issue, the increased popularity of mobile applications has given hackers a new point of access to account numbers, passwords and other private data. Establishing digital security, however, requires preventative measures from financial institutions and digital application platforms, as well as cooperation from bank account holders.

What Bank Security Measures Are in Place?

Online banking customers expect that their bank accounts are secured on the Web. Fortunately, online bank security is guided by federal regulators that work to create consistency and reliability in the digital banking marketplace.

“Consumers can rest knowing their banks are adhering to the Federal Financial Institutions Examination Council’s suggestions, and more importantly, their established regulations,” said Robert Siciliano, McAfee online security expert. “Banks have multiple layers of protection to keep bad guys from hacking in, and [online accounts] have numerous protections internally to protect [them] from malicious insiders.”

Siciliano also said that multi-tiered authentication helps safeguard customers’ accounts from fraud, often requiring would-be infiltrators to go through three to four levels of identity verification.

Examples of this include complex password combinations like alphanumeric requirements that include capitalization and punctuation, as well as CAPTCHA fields that require users to type in a phrase or word, and even security images that indicate that account holders have landed on an authentic bank page.

For the most part, online banking security has greatly improved over the last few years, but there are still weaknesses in digital security that customers need to be aware of.

3 Security Issues You Need to Know About

1. Not All Bank Pages are Secure: HTTPS vs. HTTP

Banks typically have the financial resources to ensure their customers’ accounts are safe from prying eyes. However, some banks and credit unions might have gaps in their networks.

When it comes to internet security, Siciliano said accounts are often compromised because of a user’s behavior, as opposed to the bank’s security technology. However, one case in which online bank pages are susceptible to attack is when a page is served without encryption.

“Researchers have found certain sections of banks’ websites sometimes aren’t protected with Hypertext Transfer Protocol Secure (HTTPS), which is a communications protocol for secure communication over a computer network, otherwise just HTTP,” Siciliano said.

Computer users can verify that they’re on a secure section of a bank’s website by checking that the page’s URL explicitly reads “HTTPS.”
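The same check can be automated for a whole page. The following Python sketch is an added example, not part of the original article: it lists every link, form target and embedded resource on a page that resolves to plain HTTP. The `bank.example` URLs and the sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that navigates to, loads from, or submits to a URL.
URL_ATTRS = {"a": "href", "form": "action", "script": "src",
             "iframe": "src", "link": "href", "img": "src"}

class InsecureRefFinder(HTMLParser):
    """Collect (tag, absolute_url) pairs that resolve to plain http."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        value = dict(attrs).get(URL_ATTRS.get(tag, ""))
        if not value:
            return
        # Resolve relative and protocol-relative URLs against the page URL.
        target = urljoin(self.page_url, value.strip())
        if urlsplit(target).scheme == "http":
            self.findings.append((tag, target))

def find_insecure_refs(page_url, html):
    """Return the plain-http references found in one page's HTML."""
    finder = InsecureRefFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample: bank.example is a placeholder, not a real site.
SAMPLE_URL = "https://bank.example/home"
SAMPLE_HTML = """
<a href="/accounts">Accounts</a>
<a href="http://bank.example/rates">Rates</a>
<form action="http://bank.example/login" method="post">
  <input name="user"><input name="pass" type="password">
</form>
<script src="//cdn.bank.example/app.js"></script>
<form action="https://bank.example/transfer" method="post"></form>
"""

if __name__ == "__main__":
    for tag, url in find_insecure_refs(SAMPLE_URL, SAMPLE_HTML):
        print(f"insecure <{tag}> -> {url}")
```

A login form that posts to an `http://` address is the most serious finding here, because the credentials would leave the browser unencrypted even though the page itself loaded over HTTPS.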

2. Anomaly Detection Software Isn’t Perfect

Bank security systems also commonly use what’s referred to as “anomaly detection software” to identify uncharacteristic account behavior. This system tracks transactions and notifies financial institutions of irregularities in an account’s behavior.

“It’s often been found that, while a bank’s servers might be secure … it is often the behavior of certain transactions that sometimes fail to raise red flags,” Siciliano said.

For example:

A small business’s PC in North Carolina is breached. Over the course of a long weekend, its North Carolina-based bank account is accessed numerous times through that breached PC. All weekend, criminals wire the business’s entire bank balance of $1 million through 10,000 transfers to Romania.

If the business has never made a transaction to Romania in the past, and if the transferred funds greatly exceed its usual account habits, Siciliano said that a bank with proper anomaly detection software in place would catch this suspicious transaction.

On the other hand, if an unauthorized debit card transaction were to be made at an online retailer the cardholder frequents, and the amount charged was an unassuming $12.36, the fraud detection software would likely not flag the transaction.
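Both scenarios can be reproduced with a small rule-based detector. The following Python sketch is an added example, not the software any bank uses: it builds a profile from an account's history and flags transactions by new country, new payee, unusual size and unusual daily volume. The payee names, thresholds and transaction rows are constructed assumptions, and the 10,000 wires are placed on a single day for simplicity.

```python
from collections import defaultdict
from statistics import median

def build_profile(history):
    """Summarise past behaviour from (day, country, payee, amount) rows."""
    daily = defaultdict(float)
    for day, _country, _payee, amount in history:
        daily[day] += amount
    return {
        "countries": {row[1] for row in history},
        "payees": {row[2] for row in history},
        "median_amount": median(row[3] for row in history),
        "max_daily_total": max(daily.values()),
    }

def score(profile, txn, day_total, amount_factor=5.0, volume_factor=3.0):
    """Return the reasons a transaction looks anomalous (empty list = no flag)."""
    _day, country, payee, amount = txn
    reasons = []
    if country not in profile["countries"]:
        reasons.append("new_country")
    if payee not in profile["payees"]:
        reasons.append("new_payee")
    if amount > amount_factor * profile["median_amount"]:
        reasons.append("large_amount")
    if day_total > volume_factor * profile["max_daily_total"]:
        reasons.append("daily_volume")
    return reasons

def review(profile, transactions):
    """Score each transaction against the running same-day total."""
    running = defaultdict(float)
    flagged = []
    for txn in transactions:
        running[txn[0]] += txn[3]
        reasons = score(profile, txn, running[txn[0]])
        if reasons:
            flagged.append((txn, reasons))
    return flagged

# Constructed sample data; payee names and thresholds are assumptions.
HISTORY = [
    ("2013-08-01", "US", "payroll.example", 4200.00),
    ("2013-08-08", "US", "retailer.example", 15.99),
    ("2013-08-15", "US", "supplies.example", 84.10),
]
WIRES = [("2013-08-31", "RO", "unknown.example", 100.00)] * 10_000
CARD_CHARGE = [("2013-09-02", "US", "retailer.example", 12.36)]
PROFILE = build_profile(HISTORY)
print(len(review(PROFILE, WIRES)), review(PROFILE, CARD_CHARGE))  # 10000 []
```

Each $100 wire is too small to trip the per-transaction size rule, so it is the unfamiliar country and payee, and later the running daily total, that flag the transfers. The $12.36 charge matches the profile on every rule and passes unflagged.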

The only way to ensure that all transactions in an account are legitimate is to check your transaction history frequently — at least once a week.

3. Malware on Mobile Apps

Mobile banking is offering more on-the-go access for smartphone users, but it can also present an opportunity for hackers to get equal access to personal account information.

According to McAfee Labs, 17,000 new kinds of Android-targeted mobile malware were found in the second quarter of 2013 alone.

Some Android devices are easy victims of malware, as a result of what’s called the “master key vulnerability,” wherein attackers are able to mask malware by altering a legitimate Android app while retaining its original application signature, and then republishing it on a third-party distribution platform.

Google is currently addressing the issue, but in the meantime, customers can avoid accidentally using a compromised app by obtaining applications directly through Google Play. Additionally, Android users are advised to install system updates that address bugs and include fixes.

“Along with the banks’ existing systems, coupled with consumers investing more time and intelligence into their own security, online banking should be a secure and fluid process,” Siciliano said.

Photo credit: Perspecsys Photos