What Cybersecurity vulnerabilities are in Online Retail Banking?

Online retail banking serves the needs of individual customers and includes services that let a customer control their accounts. These include mobile deposits, maintaining savings and checking accounts, transferring money between accounts, paying bills, and applying for loans. Commercial banking serves the needs of business customers, with the bank providing the services on the customer's behalf. These include savings accounts, checking accounts, loan management facilities, credit management facilities, foreign exchange, etc., solely for companies and businesses.

Banks that offer online retail banking no longer have full control over accounts. When a customer accesses an account and performs transactions via the internet, the customer is interacting directly with the bank's internal systems. The consequences of information security breaches specific to online retail banking include unauthorized disclosure, modification, or destruction of information. Another threat is vandalism of the site or a denial-of-service attack that prevents customers from accessing their accounts.

Unauthorized disclosure allows the information to be used by an attacker in a way it was not intended. Modification of the bank's information could result in financial loss to the bank, for example by increasing an account balance and then withdrawing the funds before the change is exposed. Destruction of information in the bank's internal systems could result in severe losses. If the bank has no accurate records of account information, it could even be forced to close (Belasco & Wan, 2006). Even though banks have not had a major breach and have been responsible for only 8% of all breaches, they have had to reimburse card members for 62% of their losses (Ginovsky, 2014). This financial burden is causing banks to be proactive in bringing new technologies to point-of-sale transactions.

You are correct in thinking you are only doing what the bank allows you to do. However, the bank is allowing you access to its internal systems to conduct a certain transaction. To better explain what I meant, I will give an example of using my mobile app to deposit a check. First, I pick the account then the amount of the check. Then, I take a picture of the check and click on the submit button. The app connects to the internal banking systems to add the amount to my balance and update the transaction logs. It returns the amount of the new balance to my accounts summary page almost instantly.

My app has access to the bank's internal systems in a way that used to take going to a teller window and having a bank employee enter the data in the system. This is what I meant by the bank giving up some control over my account. The cybersecurity threats that come to mind from my example include depositing a check in numerous banks and spending the money before they catch it the next day. A man-in-the-middle attack could also occur and change the account balance information or the amount of the deposit.
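The mobile deposit flow above can be sketched from the bank's side to show two controls against the threats named: a message authentication code so a deposit amount altered in transit is rejected, and a record of checks already presented. This is an added example, not code from the original post or from any bank; the key, field names, `check_id` format and `DepositServer` class are assumptions, and a local record only catches repeats at the same bank, not deposits of one check at several banks.

```python
import hashlib
import hmac
import json

# Constructed demo key; a per-device provisioned key is an assumption of this sketch.
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"


def sign_deposit(key, account, amount_cents, check_id, nonce):
    """App side: serialize the deposit canonically and compute an HMAC-SHA256 tag."""
    body = json.dumps(
        {"account": account, "amount_cents": amount_cents,
         "check_id": check_id, "nonce": nonce},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


class DepositServer:
    """Bank side: verify integrity first, then reject replays and repeat deposits."""

    def __init__(self, key):
        self.key = key
        self.balances = {}
        self.seen_nonces = set()
        self.seen_checks = set()
        self.log = []  # every outcome is logged, including rejections

    def submit(self, body, tag):
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):  # constant-time comparison
            return self._record("rejected: bad MAC", None)
        req = json.loads(body)
        if req["nonce"] in self.seen_nonces:
            return self._record("rejected: replayed request", req)
        self.seen_nonces.add(req["nonce"])
        if req["check_id"] in self.seen_checks:
            return self._record("rejected: check already deposited", req)
        self.seen_checks.add(req["check_id"])
        acct = req["account"]
        self.balances[acct] = self.balances.get(acct, 0) + req["amount_cents"]
        return self._record("accepted", req)

    def _record(self, outcome, req):
        self.log.append((outcome, req))
        return outcome
```
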

References:

Belasco, K., & Wan, S. P. (2006). Online retail banking: Security concerns, breaches and controls. In H. Bidgoli (Ed.), Handbook of information security (Vol. 1). New York, NY: John Wiley & Sons.

Ginovsky, J. (2014). Plugging the breach: Recent, massive data breaches have banks asking how they can protect themselves and their customers, in both point-of-sale and online payments. Simmons-Boardman Publishing Corporation. Retrieved from http://ezproxy.umuc.edu/login?url=http://search.ebscohost.com.ezproxy.umuc.edu/login.aspx?direct=true&db=edsgbe&AN=edsgcl.364199811&site=eds-live&scope=site
