Solutions for E-Banking Security Holes:

Digital Security of software systems in Banks is very important to protect sensitive bank information, employee's identity and customer's privacy, also to avoid many legal problems.

Strong security solutions are very important especially with the presence of online banking, banking software and workflow systems. The extensive usage of software systems in banks without strong security could lead to many legal problems. Normal security systems and policies do not stop internal or external hacking, and do not provide a legal way to proof any made transaction.

Online banking accounts are frequently targeted by cybercriminals. Security issues remain a major concern for customers and corporations alike. As a result, banks need to implement adequate security measures to protect themselves and their customer base.

Saudi Arabian Monetary Agency (SAMA) suggested the following solutions that aim to increase the level of security for online banking:

Identity Authentication

Banks should use appropriate measures in order to authenticate the identity of customers. It is important for any bank to check that each online transaction or access request is legitimate to ensure the safety of online banking.

Banks therefore have to use reliable methods for verifying the identity and authorisation of new and existing customers. Showing the customers what has been done to secure them, makes them feel the system is secure and that there money are protected.

Segregation of Duties

Banks should promote adequate segregation of duties within e-banking systems, databases and application, which is critical for their security and soundness. Therefore, Banks are required to set up sophisticated internal control designed specially to reduce fraud risk in operational processes and systems and to ensure that transactions and equipment are properly authorised, recorded and safeguarded.

The classification of duties should cover authorization, custody, record keeping and reconciliation.

Protect Data Integrity

Data integrity of transactions, records and information are essential for any bank to be protected. If the bank did not give special attention to that, it may face financial losses as well as legal and reputational risk.

In addition, banks should arrange and represent proper organisational, procedural and technical methods, which ensure that the integrity of financial and transactional data is maintained. Financial data recording should be stored securely, retrievable for inquiry or reporting, safeguarded against improper alteration, and mostly reflect the actual values involved.

Regular Update and Audit

Feasible updates of the online banking system would reassurance that the authentication platform is stay one step ahead of hackers and decrease there chances to stole the data and also minimize the security holes.

Banks should ensure that the internal control system is adapted to e-banking services and that clear audit trails are maintained. Added to that, internal controls should be independently auditable by external agencies. Audit trail should:

Give adequate proof to show the transaction stream, from start to finish, and any accompanying control/procedural execution.

Be sufficient to fulfill the rules of the courts under which they could be used.

Preserve the Confidentiality

The advent of online banking introduces extra security challenges for banks since it increases the exposure that information transmitted over the public network or stored in databases may be accessible by unauthorised or inappropriate parties. Also, expand the use of service providers may uncover essential data of banks to other parties.

So, the key data of the banks must remain private. Any abuse could result in exposing the bank to high impact reputation and legal risk. The protection of confidentiality should be commensurate with the impact of the risk of unauthorised exposure:

Confidentiality should be maintained by use of access controls and encryption.

Cryptographic techniques should be based on recognized algorithms that have not been disputed in their strength or use.

Access should only be permitted based on the "need to know" principle.

My Q is what do you think would be the best solution to the problem ( E-Banking Security Holes ) ? and what are the possible impacts ?