How Banks Keep your Money Secure

Written by: Rachel Nienaber
Published on: October 07, 2014

“Bank Robbery” makes me think of the movies. Either a western where the criminals get away on horseback or something more high-tech involving a matrix-style command line interface to hack the digital lock on a safe door.

A movie about modern day bank robbery would have to work much harder to make the story thrilling since it’s now about a digital lock on a digital safe.

Now that there is a digital interface to a bank, there has been a shift in how banks protect against theft.

Security in the Pre-Digital Age

Bank robbery used to rely mainly on being cunning or the application of physical force. Whether it was fast and direct or patient and calculating, bank robbers needed to overcome the bank’s physical defences: guards, alarms, safes, and secure doors in order to get the cash and make an escape.

As a result, bank security experts spent most of their time strengthening these defences and wondering how they might be bypassed. Whether through stronger safes, more elaborate alarm systems, keypad authentication, or whatever else new technology provided, the banks built their safeguards to be stronger and cleverer than the tools employed by the robbers they were trying to keep out.

Digital Crossover

Stealing physical assets from a bank requires a close proximity to the vault and it’s difficult to have such close access for a long period of time. But there are now other ways to access money, and consequently different ways to steal it.

The introduction of ATMs and banking cards, followed by online and mobile banking, has made it significantly easier to access your funds, but it has also changed the way that banks have to think about keeping their customers' money secure. You no longer need to be close to the bank to steal from it.

New Money, New Risks

“As the cost of technology decreases, the barriers to entry for cyber-crime drop, making it easier and cheaper for criminals of all types to seek out new ways to perpetrate cyber fraud. A growing black market for breached data serves to encourage wrongdoers further.” – New York State Department of Financial Services Report on Cyber Security in the Banking Sector

http://cybersecuritylawandpolicy.files.wordpress.com/2014/05/new-york-state-department-of-financial-services-report-on-cyber-security-in-the-banking-sector.pdf

Banks are pretty smart about security in terms of being able to access digital money. You still need to be able to present yourself and your identity before you can access your funds. But you need to be careful about keeping your credentials to yourself.  

Card skimming and phishing are two ways in which your credentials can get into the wrong hands without you knowing about it.

Card skimming is where a physical device reads your card and stores your details and PIN for later use.

Phishing is where people are baited into providing their login details to websites that look exactly like their actual banking sites.

In its 2014 Breach Investigations Report, Verizon included both of these methods as significant attacks on banking institutions. These two methods, along with DDoS (distributed denial of service) attacks, accounted for 72% of 100,000 surveyed attacks.

It is important that banks secure their systems against both fraudulent activity by logged-in users and fraudulent activity from suspicious connections to their systems.

Physical security for their servers, networks and other hardware follows similar patterns to that of any serious online vendor. Banks are not significantly different in this regard.

The more interesting piece is how banks use behavioural analytics or transaction monitoring to detect money movements that look out of the ordinary. Banks store a huge volume of data as an enormous amount of money is moved between them in millions of payments each day. This data can be used to find payment patterns and as soon as something doesn’t add up, the suspicious transactions can be halted.

You may have experienced this when trying to purchase a high value item that is not in your normal spending range. This can also happen when you’re shopping in a geographic region that is different from usual. The bank’s fraud checks will pick this up and they contact you to confirm the transaction. They also guard quite closely the rules that they apply to determine if a transaction is suspicious!
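The two checks described above (an amount outside your normal spending range, and a purchase in an unfamiliar region) can be sketched as follows. This is an added example, not any bank's actual rules; the sample history, the thresholds and the function names are assumptions made for illustration.

```python
from statistics import median

# Constructed sample history for one customer: (amount, country code).
HISTORY = [
    (12.50, "GB"), (48.00, "GB"), (23.10, "GB"), (31.75, "GB"),
    (19.99, "GB"), (64.20, "GB"), (27.40, "GB"), (15.00, "GB"),
    (41.30, "FR"), (22.80, "GB"),
]

AMOUNT_THRESHOLD = 6.0  # assumed cut-off, in robust deviations above the median
MIN_HISTORY = 5         # assumed: with less history there is no profile to compare


def robust_score(amount, past_amounts):
    """Distance of amount above the median, in units of scaled MAD."""
    med = median(past_amounts)
    mad = median(abs(a - med) for a in past_amounts)
    # 1.4826 scales the MAD to match a standard deviation for normal data.
    # The floor avoids division by zero when all past amounts are identical.
    scale = max(1.4826 * mad, 0.01 * max(med, 1.0))
    return (amount - med) / scale


def review_transaction(amount, country, history):
    """Return the reasons to hold a payment for confirmation (empty = allow)."""
    if len(history) < MIN_HISTORY:
        return ["insufficient_history"]
    reasons = []
    amounts = [a for a, _ in history]
    # Median/MAD is used instead of mean/stddev so that one earlier large
    # purchase does not stretch the "normal" range for every later one.
    if robust_score(amount, amounts) > AMOUNT_THRESHOLD:
        reasons.append("amount_out_of_range")
    if country not in {c for _, c in history}:
        reasons.append("unfamiliar_country")
    return reasons


if __name__ == "__main__":
    for amount, country in [(30.0, "GB"), (1200.0, "GB"), (35.0, "BR")]:
        print(amount, country, review_transaction(amount, country, HISTORY))
```

A payment that returns any reason would be paused until the customer confirms it, which is the phone call or text message described above.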

However, the most interesting of all of these is biometrics. At the moment the most secure thing the banks have is a 2-factor authentication token that generates a random number for you to enter when you sign on to your online banking system. This can be slightly frustrating when you don’t have your token with you.

Your biometrics are always with you, and if banks can find a quick way for customers to provide this easily, that would be substantially more convenient. This technology represents the latest step in personal banking security and is becoming increasingly realistic for the general public.

In a digital age, maintaining their customers' security is a paramount challenge for banks and one worth investing in, which the banks have been doing heavily. Staying one step ahead of cyber-criminals and fraudsters earns their customers' trust, which is fundamental and invaluable for any bank.