Digital Banking Security: Protecting Your Institution and Account Holders Without Compromising Ease of Use
Security breaches continue to grow in both frequency and sophistication for all industries, and the financial sector is no stranger. Over the past year, attacks on financial institutions have increased drastically. This year alone, the Federal Trade Commission reported 1.1 billion fraud attacks, which is twice the volume of fraudulent activity reported just two years ago.
Data breaches through malware and phishing are a leading cause of account takeover fraud, where attackers steal names, emails, passwords, dates of birth, and social security numbers to gain control of an account, make fraudulent charges, and create synthetic identities.
Accessing an account is easier than one might think - users tend to use highly predictable passwords that contain personal credentials, with 59% using their own names and birth dates, and 23 million others who surprisingly still use the password "123456." This information is easily accessible to hackers through online searches and social media activity, opening the door for the fraudsters.
These cyberattacks and security breaches impact both account holders and the institution, leading to lost revenue and a poor reputation, interruptions in operations, and ultimately user attrition. As customers and members become increasingly aware of the importance of cybersecurity and their vulnerabilities, banks and credit unions must ensure their digital banking platforms are secure, but without sacrificing the user experience everyone has come to expect.
Although there isn’t a one-size-fits-all approach to digital security, there are best practices an institution should consider.
Secure the Code
Security starts with securing the code, including safeguards against vulnerabilities, code flaws, and malicious code. Static code scanning is critical, as well as adhering to industry guidelines and protocols such as NCUA IT Security Standards, and OWASP's Top 10 and Mobile Top 10 - ensuring the highest level of security for your financial institution.
Safeguard Customer and Member Data
One of the most important aspects of security for financial institutions is safeguarding customer and member data. This includes ensuring all card data is stored and managed in a PCI-compliant manner, as well as protecting data at all levels of the application architecture - from encryption of data in motion and field-level encryption in the database for security at rest. Additionally, banks and credit unions should store passwords securely using updated hashing mechanisms, confirm whether salt is included in the hash, and if so, ensure the salt is obtained from a cryptographically strong source.
Mitigate Employee Fraud
Threats from internal sources are equally dangerous as those from outside, which is why mitigating employee fraud must be a priority. A role-based access control system manages who can update account holder details and when – such as during business hours only, or on specific days. Other tools to protect the institution and account holders include security controls that prevent staff from transacting on behalf of users, as well as admin controls that can limit specific views and activities based on access-rights.
Secure Environment – Hosted or On-Premise
A secure environment is a must, including fraud-prevention mechanisms like web application firewalls and DDoS mitigation that provide the highest level of security for your financial institution and its customers and members. Geo-fencing-based security techniques can also be leveraged to restrict access from specific locations or countries, as well as identify which devices are logged into your digital banking platform and from where. Additional security mechanisms include information on limitations and conditions under which device identities cannot be maintained, and protecting sensitive system configurations like database connection strings, third-party API credentials, and managing single sign-on (SSO) access.
Built-in solution alerts help warn account holders of potentially fraudulent activity as soon as it happens. By alerting customers and members of unusual or high-risk activity, such as when a password or email address is changed, or there’s been an unsuccessful login attempt, can help stop a potentially dangerous situation.
Although many security protocols are within your banking infrastructure, educating users on how to keep themselves safe with best practices is also important. Reminding account holders to use secure, modern browsers, as well as offering configurable usernames and passwords, can add a level of protection. Other built-in solution capabilities should be encouraged through education, like multi-factor or biometric authentication, which provide fraud mitigation from the outside-in and are said to stop nearly 99% of all attacks.
Alogent places a premium focus on security, which is why NXT, our unified digital banking platform for consumers and businesses, leverages cutting-edge capabilities for a rock-solid approach. Guard your institution and account holders with enterprise-grade protection and show customers and members the importance you place on their online and mobile banking safety.
Learn more about digital banking security and NXT. Download best practices for rock-solid security, here.
Click here to schedule a discovery call with our team!
Be the first to know! Click below to follow us on LinkedIn for news and content updates!