Currencies

Nomura rounds up markets’ biggest misses in 2016

Forecasting markets a year in advance is never easy, but with “year-ahead investment themes” season well underway, Nomura has provided a handy reminder of quite how difficult it is, with an overview of markets’ biggest hits and misses (OK, mostly misses) from the start of 2016. The biggest miss among analysts, according to Nomura’s Sam […]

Continue Reading

Property

Spanish construction rebuilds after market collapse

Property developer Olivier Crambade founded Therus Invest in Madrid in 2004 to build offices and retail space. For five years business went quite well, and Therus developed and sold more than €300m of properties. Then Spain’s economy imploded, taking property with it, and Mr Crambade spent six years tending to Dhamma Energy, a solar energy […]

Continue Reading

Currencies

Euro suffers worst month against the pound since financial crisis

Political risks are still all the rage in the currency markets. The euro has suffered its worst slump against the pound since 2009 in November, as investors hone in on a series of looming battles between eurosceptic populists and establishment parties at the ballot box. The single currency has shed 4.5 per cent against sterling […]

Continue Reading

Banks

RBS falls 2% after failing BoE stress test

Royal Bank of Scotland shares have slipped 2 per cent in early trading this morning, after the state-controlled lender emerged as the biggest loser in the Bank of England’s latest round of annual stress tests. The lender has now given regulators a plan to bulk up its capital levels by cutting costs and selling assets, […]

Continue Reading

Currencies

China capital curbs reflect buyer’s remorse over market reforms

Last year the reformist head of China’s central bank convinced his Communist party bosses to give market forces a bigger say in setting the renminbi’s daily “reference rate” against the US dollar. In return, Zhou Xiaochuan assured his more conservative party colleagues that the redback would finally secure coveted recognition as an official reserve currency […]

Continue Reading

Categorized | Banks, Financial

Networks battle cyber attackers


Posted on September 26, 2016

(FILES) In this photograph taken on October 11, 2014, Bangladesh Central Bank Governor Atiur Rahman speaks during the 2014 IMF World Bank Annual Meeting in Washington DC. Bangladesh's central bank chief resigned on March 15 after hackers stole $81 million from the nation's foreign reserves in one of the biggest bank heists in history, the finance minister said. The audacious cyber-theft has embarrassed the government, triggered outrage in the impoverished country and raised alarm over the security of the country's foreign exchange reserves of over $27 billion. / AFP / MANDEL NGAN (Photo credit should read MANDEL NGAN/AFP/Getty Images)©AFP

When $81m was stolen by cyber criminals from the Bangladeshi central bank earlier this year, it was not just the money that was lost, but trust in the Swift global payments network relied on by 11,000 members.

Gottfried Leibbrandt, Swift’s chief executive, said the business of protecting money had been changed completely now that criminals did not need “guns and blow torches” to break into banks but simply a PC. Payments networks are having to work out new ways to keep up with a rapidly changing set of digital threats.

    Swift, the messaging service that allows the transfer of money between banks, found a “good number” of attacks after the heist from the Bangladeshi central bank in February at banks in Vietnam, the Philippines and Ecuador.

    Pushing its members to tighten their security, it pointed the finger in a letter: “The targeted customers have, however, shared one thing in common; they have all had particular weaknesses in their local security.”

    Payments networks — whether Swift or the latest peer-to-peer money transfer app — are only as trustworthy as their weakest link. Even if data are encrypted in transit, each bank or individual on a network must be able to reliably prove who they are — and authentication in payments still has a way to go.

    The Swift attacks did not come as a surprise to people in the industry, says Justin Clarke-Salt, co-founder of Gotham Digital Science, a cyber security company. The attacks played on a weakness in the system: that not every institution protects access to Swift in the same way.

    “They are going after low hanging fruit. Attackers often attack people who are easier to attack,” he says. “So far from what we know has been publicly reported, they have very much targeted smaller financial institutions. This is probably because they have less sophisticated controls.”

    Attackers are becoming more sophisticated, while defences that people have relied on for some time are breaking down

    Larger banks will have additional layers of cyber security known in the industry as “defence in depth”. They may have automated certain elements of the controls rather than relying on manual systems and are more likely to have created a physical barrier, like a secure gated room, to access the network, he says.

    Rajiv Dholaki,, vice-president of products at Nok Nok Labs, a Palo Alto-based company that provides online authentication, says that while it is not yet clear exactly how hackers conducted the Swift breaches, they got into “weak networks” in “local jurisdictions like Ukraine or Bangladesh”, where they were able to pretend to be legal entities simply because they were within the network.

    Cyber attack survival guide


    Generic pictures of a hacking attack on a laptop computer screen.

    What to expect, who to tell and how to limit the damage

    For Mr Dholakia, the Swift attacks are an example of a broader problem: that attackers are becoming more sophisticated, while defences that people have relied on for some time are breaking down. This is a “volatile mix for the future”, he warns.

    “A common thread to many of these attacks is compromised or hijacked credentials that allow an attacker to pose as a legitimate entity,” he says.

    Despite concerns about the potential for hackers to target everything from connected

    Banks struggle to make blockchain fast and secure

    Blockchain conundrum: can the technology be made sufficiently safe and quick for big financial institutions?

    Technology must be designed differently for financial institutions

    cars to power plants, most cyber criminals are still clearly motivated by money. They are on the hunt for ways to steal by pretending to be people they are not.

    The introduction of the EMV payments standard (known in Europe as chip and pin) in the US has reduced criminals’ ability to steal from cards used in stores, whether it be through fake credit cards or by hacking the software in payment terminals as they did in attacks on Target and Home Depot.

    Instead, many are looking for ways to steal online in so-called “card not present transactions”, where a payment card is used online or over the telephone. Payments fraud jumped 137 per cent in the US in the past year, according to a recent study by PYMNTS.com in conjunction with fraud detection company Forter.

    Smrithi Konanur, a global product manager at HPE Security’s data security division, says cyber criminals are now focusing on using stolen credentials in web and mobile apps, where it is hard to authenticate a user without putting them off using the app. Visa tried to do this with Visa Verified, where a consumer is diverted to another page to be authenticated by a third party. “That process didn’t go very well because retailers didn’t see it as a good experience for their customers, so it didn’t take off,” Ms Konanur says.

    She adds that “old school payments infrastructure” on the back end is struggling to keep up with changes under way in payments: from store, to e-commerce, to mobile and now evolving into taking payments in connected “internet of things” devices.

    Financial industry faces extreme disruption

    Driven by Uber: the rise of the “sharing economy” based on peer-to-peer services is helping growth of small mobile payments

    Start-up challengers, regulatory pressure and cyber crime create perfect storm

    There has been a threefold increase in mobile malware in the past year, says Scott Clements, chief strategy officer at Vasco Data Security, as people increasingly interact with their banks via mobile apps.

    “There’s a real acceleration happening in infected applications that go on to mobile devices and access personal and confidential information for nefarious purposes,” he says.

    Hackers are reverse engineering online banking apps, copying them and putting them in unofficial app stores, especially in China, to trick consumers into believing they are the real app — and so harvesting their credentials.

    Vasco creates a “wrap” that protects online banking apps so that no infected apps on a phone can interact with them, and creates different forms of two factor authentication, such as creating bar codes on web pages that can be snapped for identification.

    However, for banks competing with a host of fintech start-ups, customer convenience will always be important. They may have to make an “economic assessment” of how much they will lose to fraud versus how much they could lose to a “very poor user experience”, he says.

    “Younger people and millennials in particular have a propensity to do more on a mobile device. I’m not sure my kids have been in a bank branch in more than half their life,” he says.