Banks

RBS share drop accelerates on stress test flop

Stressed. Shares in Royal Bank of Scotland have accelerated their losses this morning, falling over 4.5 per cent after the state-backed lender came in bottom of the heap in the Bank of England’s latest stress tests. RBS failed the toughest ever stress tests carried out by the BoE, with results this morning showing the lender’s […]

Continue Reading

Capital Markets, Financial

BGC Partners eyes new platform to trade US Treasuries

BGC Partners plans to launch a new platform to trade US Treasuries early next year, in a bid to return to a market in the middle of evolution, according to people familiar with the plans.  The company, spun out of Howard Lutnick’s Cantor Fitzgerald in 2004, sold eSpeed, the second-largest interdealer platform for trading Treasuries, […]

Continue Reading

Financial

Sales in Rocket Internet’s portfolio companies rise 30%

Revenues at Rocket Internet rose strongly at its portfolio companies in the first nine months of the year as the German tech group said it was making strides on the “path towards profitability”. Sales at its main companies increased 30.6 per cent to €1.58bn while losses narrowed. Rocket said the adjusted margin for earnings before […]

Continue Reading

Currencies

Renminbi strengthens further despite gains by dollar

The renminbi on track for a fourth day of firming against the dollar on Wednesday after China’s central bank once again pushed the currency’s trading band (marginally) stronger. The onshore exchange rate (CNY) for the reniminbi was 0.28 per cent stronger at Rmb6.8855 in afternoon trade, bringing it 0.53 per cent firmer since it last […]

Continue Reading

Currencies

Nomura rounds up markets’ biggest misses in 2016

Forecasting markets a year in advance is never easy, but with “year-ahead investment themes” season well underway, Nomura has provided a handy reminder of quite how difficult it is, with an overview of markets’ biggest hits and misses (OK, mostly misses) from the start of 2016. The biggest miss among analysts, according to Nomura’s Sam […]

Continue Reading

Categorized | Banks, Financial

Networks battle cyber attackers


Posted on September 26, 2016

(FILES) In this photograph taken on October 11, 2014, Bangladesh Central Bank Governor Atiur Rahman speaks during the 2014 IMF World Bank Annual Meeting in Washington DC. Bangladesh's central bank chief resigned on March 15 after hackers stole $81 million from the nation's foreign reserves in one of the biggest bank heists in history, the finance minister said. The audacious cyber-theft has embarrassed the government, triggered outrage in the impoverished country and raised alarm over the security of the country's foreign exchange reserves of over $27 billion. / AFP / MANDEL NGAN (Photo credit should read MANDEL NGAN/AFP/Getty Images)©AFP

When $81m was stolen by cyber criminals from the Bangladeshi central bank earlier this year, it was not just the money that was lost, but trust in the Swift global payments network relied on by 11,000 members.

Gottfried Leibbrandt, Swift’s chief executive, said the business of protecting money had been changed completely now that criminals did not need “guns and blow torches” to break into banks but simply a PC. Payments networks are having to work out new ways to keep up with a rapidly changing set of digital threats.

    Swift, the messaging service that allows the transfer of money between banks, found a “good number” of attacks after the heist from the Bangladeshi central bank in February at banks in Vietnam, the Philippines and Ecuador.

    Pushing its members to tighten their security, it pointed the finger in a letter: “The targeted customers have, however, shared one thing in common; they have all had particular weaknesses in their local security.”

    Payments networks — whether Swift or the latest peer-to-peer money transfer app — are only as trustworthy as their weakest link. Even if data are encrypted in transit, each bank or individual on a network must be able to reliably prove who they are — and authentication in payments still has a way to go.

    The Swift attacks did not come as a surprise to people in the industry, says Justin Clarke-Salt, co-founder of Gotham Digital Science, a cyber security company. The attacks played on a weakness in the system: that not every institution protects access to Swift in the same way.

    “They are going after low hanging fruit. Attackers often attack people who are easier to attack,” he says. “So far from what we know has been publicly reported, they have very much targeted smaller financial institutions. This is probably because they have less sophisticated controls.”

    Attackers are becoming more sophisticated, while defences that people have relied on for some time are breaking down

    Larger banks will have additional layers of cyber security known in the industry as “defence in depth”. They may have automated certain elements of the controls rather than relying on manual systems and are more likely to have created a physical barrier, like a secure gated room, to access the network, he says.

    Rajiv Dholaki,, vice-president of products at Nok Nok Labs, a Palo Alto-based company that provides online authentication, says that while it is not yet clear exactly how hackers conducted the Swift breaches, they got into “weak networks” in “local jurisdictions like Ukraine or Bangladesh”, where they were able to pretend to be legal entities simply because they were within the network.

    Cyber attack survival guide


    Generic pictures of a hacking attack on a laptop computer screen.

    What to expect, who to tell and how to limit the damage

    For Mr Dholakia, the Swift attacks are an example of a broader problem: that attackers are becoming more sophisticated, while defences that people have relied on for some time are breaking down. This is a “volatile mix for the future”, he warns.

    “A common thread to many of these attacks is compromised or hijacked credentials that allow an attacker to pose as a legitimate entity,” he says.

    Despite concerns about the potential for hackers to target everything from connected

    Banks struggle to make blockchain fast and secure

    Blockchain conundrum: can the technology be made sufficiently safe and quick for big financial institutions?

    Technology must be designed differently for financial institutions

    cars to power plants, most cyber criminals are still clearly motivated by money. They are on the hunt for ways to steal by pretending to be people they are not.

    The introduction of the EMV payments standard (known in Europe as chip and pin) in the US has reduced criminals’ ability to steal from cards used in stores, whether it be through fake credit cards or by hacking the software in payment terminals as they did in attacks on Target and Home Depot.

    Instead, many are looking for ways to steal online in so-called “card not present transactions”, where a payment card is used online or over the telephone. Payments fraud jumped 137 per cent in the US in the past year, according to a recent study by PYMNTS.com in conjunction with fraud detection company Forter.

    Smrithi Konanur, a global product manager at HPE Security’s data security division, says cyber criminals are now focusing on using stolen credentials in web and mobile apps, where it is hard to authenticate a user without putting them off using the app. Visa tried to do this with Visa Verified, where a consumer is diverted to another page to be authenticated by a third party. “That process didn’t go very well because retailers didn’t see it as a good experience for their customers, so it didn’t take off,” Ms Konanur says.

    She adds that “old school payments infrastructure” on the back end is struggling to keep up with changes under way in payments: from store, to e-commerce, to mobile and now evolving into taking payments in connected “internet of things” devices.

    Financial industry faces extreme disruption

    Driven by Uber: the rise of the “sharing economy” based on peer-to-peer services is helping growth of small mobile payments

    Start-up challengers, regulatory pressure and cyber crime create perfect storm

    There has been a threefold increase in mobile malware in the past year, says Scott Clements, chief strategy officer at Vasco Data Security, as people increasingly interact with their banks via mobile apps.

    “There’s a real acceleration happening in infected applications that go on to mobile devices and access personal and confidential information for nefarious purposes,” he says.

    Hackers are reverse engineering online banking apps, copying them and putting them in unofficial app stores, especially in China, to trick consumers into believing they are the real app — and so harvesting their credentials.

    Vasco creates a “wrap” that protects online banking apps so that no infected apps on a phone can interact with them, and creates different forms of two factor authentication, such as creating bar codes on web pages that can be snapped for identification.

    However, for banks competing with a host of fintech start-ups, customer convenience will always be important. They may have to make an “economic assessment” of how much they will lose to fraud versus how much they could lose to a “very poor user experience”, he says.

    “Younger people and millennials in particular have a propensity to do more on a mobile device. I’m not sure my kids have been in a bank branch in more than half their life,” he says.