By Julian Goldsmith, 14 June 2007 12:06
NEWS
The number of security flaws within financial institutions' IT systems is growing fast, due in part to customer demand for internet services.
silicon.com Financial Services
Get the latest financial services news straight to your inbox. Sign up for the FS newsletter today!
A survey of just under 400 financial institutions, ranging from high street and City banks to insurance and credit services, claimed seven per cent of the organisations tested revealed between 41 and 126 separate vulnerabilities. If found 49 per cent of financial companies had one or more high risk vulnerability.
A spokeswoman from security company NTA Monitor, which runs the survey using its own penetration testing software, told silicon.com that 32 per cent of the companies tested were in the high-risk category, although this figure was a decline from 61 per cent last year.
NTA technical director Roy Hills blames the move online as one of the primary causes of security weaknesses in the sector.
Cheat Sheets
♦ Basel II
♦ MiFID
♦ Sarbanes-Oxley
Financial organisations are one of the frontrunners in terms of online activity, and are being pushed to open themselves up to the public by offering more online services or by allowing customers to access their personal financial data.
While this extra accessibility is of benefit to many customers, at the same time it can increase the exposure to external attacks, he warned.
Comments
There is 1 comment. Join the discussion
1. Brian Kinch, Fraud Expert, Fair Isaac
With more and more customers opting to bank online nowadays, it saddens me that UK banks and financial institutions are failing to take seriously the importance of IT security. Customers need to be able to trust in the integrity of online banking and have a right to know that banks are taking all reasonable steps to protect them from fraud and ID theft.
ID theft can be even more disastrous for customers than other types of fraud with victims reporting the experience as akin to a vicious physical attack. The repercussions are difficult to unravel and have a long term impact. Victims may have problems applying for jobs, or be denied a mortgage or credit card for years to come as a result of the ID theft. We need to look at putting in place a UK wide network which is available for victims to help them fully repair their personal and financial profiles to lessen the effect of this crime.
Moreover, if the Home Office follows through with its advice to victims of card fraud (to not bother reporting the crime to the police), this will put a greater pressure on banks as customers will need more reassurance and to feel confident that their bank has the necessary protection in place and is properly equipped to offer additional support if required.
Banks need to adopt advanced fraud detection systems and apply a rigour with online banking transactions similar to that which they apply to physical card transactions.