The new normal
With the rapid advancement of mobile technologies, the internet is now accessible from everywhere. This has had a positive impact on the development and penetration of mobile devices. Today mobile subscriptions already outnumber the world’s population, as underpinned by Statista “Chart of the Day”.
The proliferation of mobile devices has spurred the use of mobile banking apps and cryptocurrency. By and large, this innovation in mobile banking and cryptocurrency is altering both the way people want to interact with their financial service providers and the payment industry. With new regulation such as Payment Services Directive (PSD2), the European Union has set the rules for open-banking allowing FinTechs access to systems and customer data of traditional financial institutions. The potential benefits of open banking include enhanced customer service even for underserved markets, new revenue streams, and improved margins.
With that said, mobile wallets, open banking, and cryptocurrency offer consumers a lot of choices along with real-time information at every touch point to complete a transaction on the spot 24/7.
Former Harvard Business School professor Theodore Levitt stated, “People don’t want to buy a quarter-inch drill. They want a quarter-inch hole.
While this presents major opportunities for financial institutions, Fintechs, and consumers it places a lot of responsibility on
those tasked with keeping a financial institution from being compromised by cyber-attacks or used as a vehicle to launder money, it’s a spawning headache.
There’s a Perfect Storm Brewing
While running through the train station in Frankfurt, Germany, I noticed all the monitors were out causing me and hundreds of passengers to miss our scheduled trains. WannaCry, quickly infected more than 200,000 businesses in 140 countries locking computers until a ransom is paid.
Already, Bitcoin exchanges witnessed some devastating cyber attacks, leaving many of these exchanges with no option but to file for bankruptcy. According to a report by Imperva Incapsula titled “Q3 2017 Global DDoS Threat Landscape.” Digital currency operators and Bitcoin exchanges are already the most common targets of distributed denial of service (DDoS) attacks. Also, the report cited that three out of four Bitcoin sites were victim of DDoS attacks in the third quarter of 2017 alone. Since 2011 to December 2017, there have been at least 30 heists at cryptocurrency exchanges. No one would argue that Bitcoin holders have suffered the most, in fact, It is estimated that more than 900,000 Bitcoins have been stolen with a potential value of $ 6.3 billion as of Dec 2017.
In all fairness to cryptocurrency exchanges, traditional financial institutions have also been preyed upon by cyber attackers. For example, the Carbanak campaign and Bangladesh Bank are two cases highlighting the sophistication of cyber-criminals and the vulnerability of traditional financial institutions.
After the Carbanak malware was installed, it set on the bank’s computer systems for months, sending back vital information about how the bank carried out business critical tasks. This international group of hackers was then able to successfully impersonate bank officers and carry out internal procedures at over 100 banks around the world. With complete control of mission-critical systems, they managed the transfer of millions of dollars from banks in Russia, Japan, Switzerland, the United States and the Netherlands into fake bank accounts set up in other countries. It might never have been detected if not for a video surveillance camera filming an ATM machine in Kiev. An ATM was filmed as it started dispensing cash, right before the pickup person walked in at midnight, and this was no isolated event. It was reported that over 100 banks around the world compromised to the sum of $900 million USD.
77 percent of the CEOs that participated in a Gartner survey, across the globe, stated that they see digital business bringing new and increased levels of risk to their organizations. Once upon a time, cybercriminals focused their efforts on PCs. However, with the average user spending about 5 hours per day on a mobile device, with roughly 70 % of those smartphone devices not having an anti-virus program installed on them, sensitive data (e.g. contacts, passwords, emails, documents, photos, etc) is exposed to potential cyber threats. Therefore, we have witnessed a sharp increase in new mobile malware, because criminals like to take the path of least resistance.
Risks of the Internet of Things
With that said, the “Internet of Things” is driving the interoperability of
physical devices, vehicles, home appliances, and other items such as electronics, software, and sensors, which enables these objects to connect, and exchange data. Online capable devices increased to 8.4 billion in 2017 and by 2020 experts estimate 30 billion objects with a global market value of $7.1 trillion.
Nokia Threat Intelligence Report – 2H 2016 believes that more than 100 million devices worldwide have been infected by malware, including mobile phones, laptops, notepads and a broad range of IoT devices. Also, the Nokia Threat Intelligence Report stated that smartphones were more often targeted, accounting for 85 percent of all mobile device infections and smartphone infections increased 83 percent during July through December, compared to the first half of the year. According to Check Point mobile threat researchers, financial institutions the custodians of customer’s money and data are a much sought-after target for cyber attacks. Malware Attacks By Industry:
Source: Check Point Mobile Cyber Attacks Impact Every Business November 2017.
With the number of mobile devices already infected with malware and the connectivity of devices expands cybercriminals will have more routes to target than ever before.
Therefore, it should not be hard to imagine an attack whereby cybercriminals are able to infiltrate a financial institution’s systems or other businesses via the coffee machine, smartphone, refrigerator or through the wearable digital health device of an employee.
Written by Paul Hamilton
“Top Misconceptions of Cryptocurrency as a Payment System”
Which can be read on Amazon Kindle Unlimited for Free You can find more interesting articles by visiting us on one of the following platforms: AML Knowledge Centre (LinkedIn) or Anti-Bribery and Compliance at the Front-Lines (LinkedIn)