It’s helpful provided you are careful about how you use access to the internet
October 30, 2014: Our plummeting faith in new technology was starkly illustrated last year by the Russian secret service. In the wake of whistleblower Edward Snowden’s revelations of mass electronic spying by the Americans, the Kremlin agency tasked with protecting Russia’s top officials resorted to buying 20 Triumph Adler manual typewriters to use instead of email, and so guarantee their communications stayed secure.
In the ‘civilian’ world, the same lack of trust has prompted many consumers to question whether they should follow the growing trend of online and mobile banking, or stick to old-school bricks-and-mortar banks and hard cash payments instead.
With tales of exotic-sounding banking malware families like Zeus and Carberp being used by cyber criminals, often (ironically) Russian, to steal the electronic account details of millions of people worldwide, it’s a valid concern.
The problem with banking via the internet, and now mobile devices, and soon social networking sites like Facebook and Twitter, is that it opens up a bigger and bigger ‘attack surface’ for cyber criminals to target. And crucially, the newer the technology, the less people understand its inner workings and can be certain it is safe and secure.
So what are the benefits and pitfalls of online and mobile banking?
Financial security expert Pierluigi Paganini is worried. “Many banks and financial institutions have a great interest in providing services to customers through mobile and also social networking. But there are a lot of problems that could be linked to the use of these platforms,” he explained.
Paganini, founder of the respected ‘Security Affairs’ cyber security blog and chief information security officer at Bit4Id, says the main problem is not the inherent insecurity of these devices – it’s the way people use them.
Take someone who transacts with their bank via their smartphone or tablet: “If you install defence mechanisms such as anti-virus, if you always visit legitimate websites, if you don’t click or respond to unsolicited emails – if people follow some basic best practices, I am quite confident that they can be secure,” Paganini said. “But in reality, this is what never happens.”
He outlines the Dos and Don’ts: don’t use open WiFi networks (criminals can take control of the transaction); don’t open unsolicited emails purporting to come from your bank (it’s a phishing attack that will infect your device with malware); do use the latest (most secure) version of your Android mobile operating system and banking app; and do install anti-virus and other security software.
But even with these precautions, there’s still no guarantee: no technology is 100% safe. For example, banks typically offer seemingly uncrackable ‘two-factor authentication’ on every mobile transaction. This means that as well as your user name and password, you are sent an SMS with a one-time secure code for that transfer.
But because many banking apps don’t properly manage the security ‘certificates’ that the bank’s computer and your device send each other to prove their identity, malware can mount a ‘man-in-the-middle’ attack to intrude on the exchange, pretend to be the bank, send you a fake code and then siphon off your cash without you realising.
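What properly managing certificates looks like on the client side, as an added example that is not part of the original article: a TLS client configuration that accepts any certificate beside one that verifies the chain and hostname, with a check that tells them apart. The function names are hypothetical, the sample certificate bytes are constructed, and the pin comparison (matching the SHA-256 of the whole certificate) is an assumption that goes beyond what the article describes.

```python
import hashlib
import hmac
import ssl


def insecure_context():
    """The weak setting: the client accepts any certificate from any host."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # chain of trust is never checked
    return ctx


def hardened_context():
    """The corrected setting: verify the chain and the hostname, modern TLS only."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Return the reasons a client context would trust an impostor server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    return findings


def pin_matches(der_cert, pinned_sha256_hex):
    """Compare a server certificate (DER bytes) with a fingerprint shipped in the app."""
    digest = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(digest, pinned_sha256_hex.lower())


# Constructed sample: stand-in bytes for the bank's certificate and its pin.
SAMPLE_CERT = b"constructed-bank-certificate"
SAMPLE_PIN = hashlib.sha256(SAMPLE_CERT).hexdigest()

if __name__ == "__main__":
    print("insecure:", audit_context(insecure_context()))
    print("hardened:", audit_context(hardened_context()))
    print("pin ok:", pin_matches(SAMPLE_CERT, SAMPLE_PIN))
    print("impostor:", pin_matches(b"constructed-impostor-certificate", SAMPLE_PIN))
```
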
In the face of all that, you might think Paganini would side with those who resist the move to online and mobile. But he doesn’t.
For one thing, electronic banking offers obvious benefits: you can access all your bank’s services, all the time, wherever you are. And physical banking isn’t safe – you might get robbed; and physical credit and debit cards get lost or stolen.
Paganini argues that by using online and mobile technology, you avoid these dangers. “I would suggest to people to move to mobile banking, there are a lot of advantages. Under specific conditions we have a good level of security. It just means the user must be educated to avoid risky behaviour.”
As for the banks, they point out that the move to online, mobile and social networking banking is not directly their doing. “This is not a bank-led revolution, it’s consumer-led,” said Rob Watts of the British Bankers’ Association, who oversaw the BBA’s ‘The Way We Bank Now’ study project. “Banks have been genuinely astonished by just how quickly consumers are doing this.
“Of course it’s not for everyone, but a lot of people are finding it’s easy, it’s fast, it’s convenient, they can bank whenever and wherever they want. They don’t have to take time out to go to the branch.”
Globally, banks are adopting a growing range of innovative technology-based services, Watts said: Kenyan banks pioneered mobile payments made to your contacts list via SMS texts; some US banks offer cheque imaging technology which means you don’t have to take a cheque to the branch, you can email a photo instead; and UK banks are making specialist advisers available via Skype.
It may be a case of: if you can’t beat these benefits, you’d better join in. Just cut out the risky behaviour – a big ask maybe, but at least online you can’t get mugged.
There is no escaping the cyber threat