Security and Threats in Financial Technology
In today’s world technology has touched each and every sector of the economy, banking and finance sector is no exception to this. Banking and Finance sector nowadays are using advanced technologies and complex automated systems. Use of such advanced technologies gives huge benefits to the customers such as ensuring operation excellence, 24 x 7 availability of banking to customer, faster transactions and payments. The benefits of using technology have made banking easier for everyone. But can we say that making use of technology is really safe and secure? A simple question common man has is: are there any threats to the financial data which financial institutions or banks keep with them for their customers? Are the online transactions really safe?? Let’s try and answer these questions.
Online Financial transactions
When we think of online banking, many types of transactions come to our mind. Some of the major online financial transactions are:
- NEFT\RTGS\IMPS through net banking
- ATM And Cash Deposit machine transactions
- Online payment to merchants\Third parties via payment gateway
- Card payments
- Investment purchase or sale
Let us have a look at these financial transactions in detail
- NEFT\RTGS\IMPS through net banking :
Using this one can transfer funds from one account to other easily. With a click of your mouse in case of your laptop or single touch on your smart phone, you can transfer money using IFSCs codes, passwords etc.
So what is the security mechanism used and what are the threats?
Security: The passwords given are as a measure of security and it should be used properly. User must ensure that it is used efficiently and confidentially.
Threats: Sharing of passwords, tampering of passwords is a threat to the user. Not logging out of the screen after making the transactions may be dangerous as it can be used by others very easily.
- ATM And Cash Deposit machine transactions :
With the help of ATM one can withdraw money from his or her account and with help of cash deposit machine money can be deposited. These transactions work with help of ATM cards and PIN (Personal Identification number).
Security: Proper use of cards. Inform the concerned authority immediately on loss of card.
Threats: The threats involved are cloning of cards and hacking of your PIN nos.
- Online payment to merchants\Third parties via payment gateway:
These transactions may or may not need login to any system but it needs a code to complete transaction. It can be a fixed password or may be a One Time password (OTP), which will be sent to your registered mobile number. Generally these types of transactions are utilised at shopping malls or making bill payments.
Security: Updating of correct mobile no’s in the banking system as the OTP passwords will be sent to registered mobile nos.
Threats: Again here online purchases are made by use of cloned cards and hacking of pins.
- Card payments
Card payments are basically divided into two categories – debit card and credit card payments. The transaction can be on internet or it can be at any POS (Point of sale), where swiping the card will pay the amount entered.
Security: Nowadays banks have made PIN entry mandatory while payment via debit card at POS. Credit cards still do not need any PIN or password entry. Only swiping and then giving signature on the receipt does the work.
Threats: Online purchases can be made by use of stolen card numbers and hacking of pins.
- Investment purchase or sale
Online trading comes with online brokers who have their separate ports and logins to make purchase and sale of different things- share, stocks, e – auctions etc.
Security: Don’t disclose personal information
Threats: hacking of pins.
Few simple tips to avoid transaction frauds
- Access your accounts from a secure location
It’s always best practice to connect to your bank using computers and networks you know and trust.
Look for a small padlock icon somewhere on your browser and check the address bar – the URL of the site you are on should begin with ‘https’. Both act as confirmation that you are accessing your account over an encrypted connection.
Avoid accessing it in public place. Some people feel secure accessing their bank accounts from their mobile anywhere. Your mobile can be secure but accessing in public place like trains or buses it becomes insecure. Best place to transact online is your home.
- Set up account notifications (if available)
Some banks offer a facility for customers to set up text or email notifications to alert them to certain activities on their account. For example, if a withdrawal matches or exceeds a specified amount or the account balance dips below a certain point then a message will be sent
Such alerts could give quick notice of suspicious activity on your account.
- Avoid clicking through emails
No financial institution will send you an email asking you to provide any of your login details. If you receive an email that appears to be from your bank that asks for such details then treat it with suspicion as it may be a phishing attempt to trick you into handing your credentials over.
Likewise, be aware of links in emails that appear to be from your bank – this is a trick often employed by the bad guys to get you onto a website that looks like your bank. When you log in to ‘your account’ they will steal your username and password and, ultimately, your cash.
- Use same and familiar ATM for transaction
Get in the habit of using the same ATM machine for your transactions. Become familiar with it and be able to recognize changes to the machine. And this machine should be beside the bank rather than on street
And if need arises to use unfamiliar ATM machine then look for an extra camera apart from ATM security camera, and if there is any extra signs attached to that machine, never use that machine.
- Identify ATM skimmers
Does the keypad look a bit too thick, or different from how it usually looks if you’ve used the machine before? It may be an overlay over the real keypad.
If the bottom panel is a different colour from the rest of the machine because it’s a fake piece of plastic placed over the real bottom panel and the keypad
- Don’t use public networks
This is mainly for public Wi-Fi. If you’re entering credit card information on your phone, you never know who is on these networks and the chances of somebody getting your financial information are higher.
There are new technologies which has made it easier for consumers to make financial transaction but at the cost of security. Some of the examples are as below:
- Cloud: – Cloud computing gives facilities like storage over the internet, on demand computing, resources and information sharing. Many businesses are moving their transactions online and to the cloud, along with their critical applications and services. This step to move to cloud is good for consumers and service providers but it is also very good for hackers. Cloud also means no physical security. That’s why clouds used for the services should be closely watched and monitored.
- EMV Chip cards: – Chip embedded into master card or visa cards is commonly getting used now days. This has replaced the Magnetic strip in the card. This is done as a part of added security measure for the guard against frauds. But hackers also attracted towards it.
The increasing innovations also present opportunities to make every transaction more secure. Like using the global positioning system to identify where the transaction started, pattern based transaction passwords and even the use of biometrics in identifying the consumers. One such idea is to link accounts to programs such as UIDAI which is supposed to carry biometric information of individuals. The Government of India is close to implementing direct cash transfers using it.
With the increasing options of online shoppers and merchants, and advancement in e-payment options made it easy to transact over internet. But this has increased opportunities for e-payment frauds. Day by day new techniques with the help of technology may be used by fraudsters. The user has to take preventive care by keeping themselves cautious, which will only help to reduce this threat and make maximum and safe use of online transactions.