Many years back, football hooliganism was rampant, and then one day, it disappeared from the stadiums. The reduction in football-related violence was primarily due to the ability to identify hooligans from CCTV footage after the Sports Grounds Safety Authority installed stadium cameras.
Similarly, we have seen a ramp-up in cybercrime and even insider fraud in the banking industry. Three things have fuelled this:
- Easy, global access to almost any system thanks to the internet
- Relative anonymity, along with the ability to forge (spoof) an identity
- Difficulty identifying if something digital is real or fake
This increase in cybercrime has produced attempts to make financial institutions accountable for the accounts they hold and the money that they may unwittingly launder. Increasing attacker sophistication has made this harder for the financial industry.
A real threat
An example of a particularly elaborate cybercrime occurred recently when one of the large banks fell prey to a physical and cyberattack at the same time. An insider provided information regarding the bank’s credit card numbers.
This information allowed criminals to produce large amounts of forged credit cards with easily obtainable desktop card printers and mag stripe encoders. Many accomplices were recruited, taking said credit cards to ATMs in a foreign country.
The accomplices used the cards at a specific time to start drawing cash from the ATMs. When one of the card associations noticed a suspicious money flow pattern emerging, they notified the issuing bank. At first, everything seemed normal to the bank and their fraud department didn’t raise an alarm.
Further investigation uncovered that the criminals had gained access the bank’s gateway servers. Every time an ATM requested clearance of a withdrawal, the gateway server answered with a ‘YES’ - without asking the bank's back-end system the question.
This method allowed the intruders to bypass all precautionary fraud and risk measures. This event is just one example, but the principle of what happens is what should concern us and where banking infrastructure improvements are vital.
A real solution: Know Your Transaction
Cybercrime is a real threat to high trust and other industries. The root cause here is that we have no protection from an authenticated endpoint, nor do we have robust protocols in place to ascertain if a transaction has been altered or is a spoof.
The technology and standards to remedy this have existed for a long time. However, financial institutions have yet to implement them at a transaction level in banking protocols. Fundamentally, banks need to put a second security principle in place. The first principle is to Know Your Customer (KYC), and the second is to Know Your Transaction (KYT).
The financial industry can achieve KYT by implementing digital signatures at a transaction level and verifying signatures upon receiving a transaction. KYT is an effective zero-trust approach. It is highly effective and secure, ensuring that the source of information is under the control of the endpoint and that no one has altered the transaction information from that which the sender intended.
Thanks to the popularity of blockchain and the rise in cryptocurrency trading, the financial industry understands public and private key concepts, their attributes of immutability and security.
Understanding that these concepts are powered by digital signatures and are applicable outside the world of blockchain and cryptocurrency is critical. Institutions can apply digital signatures independently in high-performance banking transaction systems. Each incoming transaction or instruction can be cryptographically verified with the end-point’s public key, thereby implementing crypto-based zero trust.
Using this technique, along with timestamping, ensures the absolute integrity and authenticity of every transaction.
Avoiding cybercrime in the financial industry is critical – especially with the impending threat of quantum computing. The standards for digital signatures already provide for crypto agility to allow for the move to quantum resistant crypto algorithms.
The banks implementing this framework ensure that transactions are secure and legitimate at every stage and into the future. This security approach ensures trust, significantly reduces security risks and increases peace of mind for all.
Helping protect high-trust organisations is important to Ascertia. For more information about KYT or KYC, contact our team.