How safe is the money in my bank account, anyone reading about the cyber heist from the Bangladesh central bank’s account would have asked himself this question. If a central bank can be robbed of $100 million in its foreign exchange reserve kept in the United States Federal Reserve, common man have reasons to worry about his savings account.
Cyber security experts know that this threat is present anytime anywhere, including in the United States which is well advanced in cyber security measures. “There are two kinds of big companies in the United States. There are those who've been hacked and those who don't know they've been hacked," FBI Director James Comey said, revealing the loopholes in the strongest of systems.
Every modern technology in the banking sector raises a new security threat. These days money circulates mainly in electronic form. When currency notes were prevalent, any shortage in notes would be immediately recognised. It takes a while for a fraud to come to light in the age of e-money. By then your money would have travelled a lot.
The heist at the Bangladesh central bank happened in the first week of February but the news broke only in the third week of March. The money was transferred through a very secured system called the Society for Worldwide Internbank Financial Telecommunication (SWIFT), which enables banks to transact securely and globally. SWIFT follows the six-eyes principle, which requires three men to participate in any transaction.
I still do not understand how the hackers could get through these three levels of security to rob the Bangladesh central bank. Passwords of at least three top officers of the bank have been compromised.
The heist was flagged only because of a typo in the name of the beneficiary. This small mistake by the criminal group raised a doubt in a bank which was involved in the chain of transactions. It alerted the other banks and helped spot the robbery.
What are the lessons from this incident? Reserve Bank of India’s former executive director and cyber security expert G Padmanabhan threw some light on this danger recently at a speech: “As we acquire more and more modern electronic gadgets, there will be a large number of insecure devices that co-exist on the same network with more secure ones. Since in an inter-connected world, security is as good as the weakest link. The criminals will attempt to exploit a less secure but trusted device to attack the critical and well protected resources.
“Mobile devices have been getting more powerful every year. Smart phones available today are capable of carrying out all the functionalities generally done on a PC. While there are efforts made to ensure that a PC is kept secure, a smart phone that does the same functionality does not receive similar attention. Mobile Banking has gained popularity in the last few years. In the coming years mobile devices are going to be increasingly used for transferring funds and for making payments. Mobile devices, if regular updating of security is given a go by, could well become an attractive and easy target for cyber criminals,” he pointed out.
It is important to secure the passwords of ATM cards, internet banking and mobile banking. Let us heed the counsel of Padmanabhan.
(The writer is Chief General Manager of the State Bank of Travancore. His views are personal.)