A recent spate of security breaches in the systems of financial service providers has highlighted the vulnerability of this sector to determined hackers, and raised concerns about the confidentiality of client information, and consequently of the security of assets located in online banks.
The most recent of these attacks was targeted at the Swiss banking giant UBS, who received a variant of the LOVELETTER virus (which caused chaos in the spring of 2000), which replicates itself using Microsoft's Outlook express programme, and includes a resume, purportedly from a job applicant in Switzerland. When the attachment is opened, the virus downloads a password-stealing programme which copies any online banking information (for example password and pin number) stored on the hard drive, and forwards it to an e-mail address, where the hacker can access it.
A small number of UBS clients suffered losses amounting to SFr 34,000 in total, and it is believed that the damage was limited because the vast majority of UBS e-banking customers do not use the UBS pin software which was infiltrated by the virus. However, the fact that the virus author has not thus far attempted to transfer money from any other accounts does not necessary mean that confidentiality has not been compromised elsewhere.
Although no connection has been made explicit, it can surely be no coincidence that since this event, the bank has decided not to go ahead with plans to create an online personal investment unit for 'mass affluent' European clients, focussing instead on providing advisors for wealthier clients.
Egg, one of Britain's highest profile online banks was also the victim of internet fraud in the summer of last year, when a group of three men attempted to rob it by making numerous fraudulent applications. Although Egg spokeswoman Poppy Nagra was reported as saying at the time of the incident that: 'At no time has Egg security been breached and absolutely no money has been fraudulently obtained through this activity', the police conducting the investigation insisted that a several thousands of pounds had been lost; which while not in itself a threat to an organisation of Egg's size, could be seen to represent the thin end of the wedge in terms of internet fraud.
The organisation insists that security measures which resulted in the capture of the three fraudsters will make it exceptionally difficult for others to jeopardise the security of financial records and customer assets, but there were other embarrassments for Egg last year, including a number of website crashes which left client details exposed on-screen, and e-mails sent out displaying credit card details in the subject line and text.
These incidents raise the question then, of just how secure online banking really is, and there are those who feel that as a result of the recent headlong rush to develop online features to complement (or in some cases replace) existing services, not enough thought was given to ensuring customer confidentiality and security.
There is a balance that must be struck between ease of use for the consumer, and security measures designed to protect against fraud, and too many financial services providers are focussing on one aspect at the expense of the other. Neither of these, taken to extremes, is useful for the customer, with the former resulting in lax security which could compromise the integrity of their banking arrangement, and the latter in intense frustration which may lead them to reconsider the wisdom of online banking.
An Arthur Anderson report last year criticised financial service firms for not committing themselves to online services quickly enough, but it has been suggested by some that banks and potential online banking customers should wait until the kinks are ironed out of the system before taking the plunge. However, the issue of online security looks set to run and run - internet analyst Mamoun Tazi of investment bank Schroder Salomon Smith Barney was quoted at the time of the Egg debacle as saying: 'It will be an ongoing affair between the banks and the hackers' as each side races to get ahead by acquiring more and more sophisticated equipment.
But Expats Have No Choice . . .
For an increasing number of expatriates, however, online banking is the only practical way to manage their finances, as many opt each year to transfer assets offshore for tax-minimisation purposes, and in order to streamline the money management process. If you find that a traditional banking relationship is an impossibility, due to your situation, then don't panic…
Online banks, and integrated banks offering online banking services do need to clean up their acts, and keep them clean if they are to stay ahead of the game, but there are some measures that you can take to protect yourself, the most basic of which being if you are suspicious about the contents of an e-mail attachment, then just don't open it - if it is a genuine e-mail rather than a virus, then nine times out of ten the sender will understand, and would probably have done the same themselves.
It may be tempting to store your banking details on the hard drive of your computer for ease of reference, but the incident at UBS has shown that this is both unwise and unsafe, and there is a danger that this latest attack will serve as a template for others, as other hackers have now been made aware of how to access banking information within the Windows settings. As Graham Cluley, senior technology consultant for Sophos Anti-Virus puts it: 'Saving your personal banking details on your computer is as daft as keeping your credit card PIN number on a slip of paper in your wallet'.
Finally, do your due diligence on the organisation that you are about to entrust your precious savings to - find out what sort of security measures they have in place, and to what degree they will compensate you if the worst happens. And with a bit of luck and careful management, it won't!
.
Network Tweets
Network BlogsContent
provided by
|
Archive | Resources | Partners | Site Map | Links | Newsletter Archive | Contact | RSS Feeds | About | Syndication | Advertising & Marketing | Recruitment | Terms & Conditions | Privacy & Cookies
Copyright © 2012 - All Rights Reserved - Tax-News.com
IMPORTANT NOTICE: Tax-News.com has taken reasonable care in sourcing and presenting the information contained on this site, but accepts no responsibility for any financial or other loss or damage that may result from its use. In particular, users of the site are advised to take appropriate professional advice before committing themselves to involvement in offshore jurisdictions, offshore trusts or offshore investments.
Write a comment