• Attackers could be hackers, unscrupulous vendors, disgruntled employees or even pure thrill seekers.
• Also, in a networked environment, security is limited to its weakest link. It is therefore necessary that banks critically assess all interrelated systems and have access control measures in place for each of them.
06-07-2020 13:09:54 Security Considerations in e-banking, IBS - Bangalore
• Banks are also exposed to security risk from internal sources.
• Ex: employee fraud. Employees, being familiar with different systems and their weaknesses, become potential security threats in a loosely controlled environment. They can manage to acquire the authentication data in order to access customer accounts, causing losses to the bank.
• Unless specifically protected, all data/information transferred over the internet can be monitored or read by unauthorized persons. There are programs such as ‘SNIFFERS’ which can be set up at web servers or other critical locations to collect data like account numbers, passwords, account and credit card numbers. Data privacy and confidentiality issues are relevant even when data is not being transferred over the net. Data residing in web servers or even banks’ internal systems is susceptible to corruption if not properly isolated from the internet through firewalls.
• The risk of unauthorized data alteration, intentional or unintentional, is real in a networked environment, both when data is being transmitted and when it is stored. Proper access control and technological tools to ensure data integrity are of utmost importance to banks. Another aspect is whether systems are in place to quickly detect any such alteration and raise an alert.
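One way to detect alteration of stored records and raise an alert, shown as an added example that is not part of the original slides: each ledger entry carries an HMAC tag chained to the previous entry, so an edited, removed or truncated record fails verification. The key, the record fields and the function names are assumptions made for illustration, and the head tag is assumed to be stored apart from the ledger.

```python
import hashlib
import hmac
import json

# Assumption: demo key only; a real system keeps it in an HSM or key vault.
KEY = b"constructed-demo-key"
GENESIS = b"\x00" * 32  # fixed starting value for the tag chain

def _tag(key, prev_tag, record):
    # Canonical JSON so the same record always serialises to the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_tag + body, hashlib.sha256).digest()

def seal(records, key=KEY):
    """Return (sealed, head): sealed is [(record, tag_hex)], head is the last tag."""
    sealed, prev = [], GENESIS
    for rec in records:
        prev = _tag(key, prev, rec)
        sealed.append((rec, prev.hex()))
    return sealed, prev.hex()

def verify(sealed, head, key=KEY):
    """Return None if intact, else the index where verification first fails."""
    prev = GENESIS
    for i, (rec, tag_hex) in enumerate(sealed):
        expected = _tag(key, prev, rec)
        if not hmac.compare_digest(expected.hex(), tag_hex):
            return i  # record altered, or an earlier record removed
        prev = expected
    if not hmac.compare_digest(prev.hex(), head):
        return len(sealed)  # trailing records were dropped
    return None

# Constructed sample ledger entries (not real data).
LEDGER = [
    {"txn": 1, "account": "ACC-0001", "amount": 2500},
    {"txn": 2, "account": "ACC-0002", "amount": 120},
    {"txn": 3, "account": "ACC-0001", "amount": -400},
]

if __name__ == "__main__":
    sealed, head = seal(LEDGER)
    # Simulate an unauthorized change to a stored amount.
    sealed[1] = ({**sealed[1][0], "amount": 999999}, sealed[1][1])
    bad = verify(sealed, head)
    if bad is not None:
        print(f"ALERT: ledger integrity check failed at position {bad}")
```

Because HMAC relies on a key shared by whoever seals and whoever verifies, it detects alteration but does not by itself provide non-repudiation; that requires a digital signature made with a key only one party holds.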
• The identity of the person making a request for a service or a transaction as a customer is crucial to the legal validity of a transaction and is a source of risk to a bank.
• A computer connected to the Internet is identified by its IP address. There are methods available to masquerade one computer as another, commonly known as ‘IP Spoofing’. Likewise, user identity can be misrepresented. Hence authentication control is an essential security step in any e-banking system.
• Non-repudiation involves creating a proof of communication between two parties, say, the bank and its customer, which neither can deny later. Banks’ systems must be technologically equipped to handle these aspects, which are potential sources of risk.
Reputational Risk
• It is the risk of getting significant negative public opinion, which may result in a critical loss of funding or customers.