TMCnet News

Banks Upgrade Systems to Stop Cyber Criminals
[August 18, 2010]

Banks Upgrade Systems to Stop Cyber Criminals


Aug 18, 2010 (Business Daily/All Africa Global Media via COMTEX) -- Kenyan banks are tightening their systems against a new wave of global cyber crime that has seen thousands of British online bank customers lose savings to criminals in one of the most sophisticated attacks of its kind.



The fraudsters used a malicious computer programme that hides on home computers to steal confidential passwords and account details from at least 3,000 people.

Standard Chartered Bank says it is changing the mode of accessing the online banking from having user name and password by introducing use of name and one-time password which their more than 16,000 mobile banking customers will receive through their phones.


This also comes in the wake of a recent Central Bank of Kenya report that indicating that commercial banks are losing an average Sh100 million to fraudsters every month -- signalling the level of the threat in the industry and the amount of investments that need to be made to keep customers deposits safe.

Apart from Standard Chartered that says it is introducing the new service in Africa before the end of the year, Equity Bank plans biometric authentication.

Mr David Awcook, the group head of technology at Standard Chartered, said the reduced cost of communication and improved bandwidth has raised the profile of mobile and Internet banking, creating demand for banks, while exposing clients to global cyber criminals.

"As a bank, we continue upgrading our banking systems to make them secure but the real threat is on the customer behaviour or collusion," said Mr Awcook, saying there was an urgent need for customer education on the crimes.

In the past two years, the Kenyan banks have invested more than Sh20 billion in security solutions meant to safeguard their clients from cyber attacks, mainly targeting new product lines such as online banking, card businesses and e-commerce channels.

Fintech Technology Solutions general manager Raymond Mutura says as financial institutions adopts online transaction, insecurity is rising, leading the institutions to look for ways of cushioning themselves from possible losses.

"There is a shift where organisations, especially financial institutions, go from the two mode ( password and PIN) to three-pronged method by adopting biometric method," said Mr Mutura.

The adoption of biometric technology by financial institutions is seen as a means of enhancing information access and data security.

The method requires personal transactions and use parts such as thumbs.

It comes at time when banks are moving to Internet banking, which requires that users maintain a high level of confidentiality, for example not revealing passwords or PINs.

Biometrics can be applied to uniquely identify an individual, based on his/her physical or physiological or behavioural traits, features or attributes, which include facial recognition (visage is such an example), DNA, fingerprint, and voice recognition, among others.

CBK's fraud department data indicates that the incidence of banking fraud rose to three per cent of total financial transactions last year, from 0.5 per cent five years ago, helped by increased bandwidth.

While CBK says criminals still use the traditional methods in the country, use of fraudulent cheques or electronic money transfer has pushed up online fraud.

In the UK case, the cyber criminals were able to empty accounts of customers from unnamed bank using a new virus without owners realising as it shows them fake statements.

Sensitive information All the victims were customers with the same unnamed online bank, the company said.

Concern over cyber security has been rising in recent months after a number of financial institutions reported illegal activities targeting their operations with millions of shillings at stake.

In the past six months, anti-banking fraud experts have reported the copying of a bank's website and its posting online to capture sensitive client information.

Suspects have been caught withdrawing large amounts of money from ATMs and tellers have been hacked, resulting in heavy losses.

Card theft, information skimming (insertion of electronic devices in ATM machines to capture customers' personal data), compromised PINs, vandalism and cash-trapping are top on the list of the most common forms of cybercrime.

Analysts say the introduction of online payment portals for e-commerce could be the next frontier for cyber criminals.

[ Back To TMCnet.com's Homepage ]