How protected are banks and exchanges from cyberattacks? Statistics and expert opinions

Security in the financial sector has been discussed many times and from different angles. Payment and banking systems are vulnerable. While financial institutions build protection systems using ever more sophisticated technologies, scammers learn to bypass them. But what is the situation really? Who currently has the lead in the confrontation between the security experts of financial companies and hackers? Statistics, supported by expert opinions, will help us answer this question.

Competition without a winner

Financial fraud is the flip side of technology development. It is impossible to completely eliminate the vulnerabilities of payment and banking systems. Therefore, regulators, financial companies and security experts focus their main efforts on minimizing risks. At the same time, cybercriminals try to find ways to bypass new methods of protection. The result is a vicious circle of constant confrontation between attackers and defenders.

As soon as the first electronic payment services and remote banking systems appeared, so did people ready to take advantage of their shortcomings for selfish purposes. The history of PayPal is remarkable in this regard. When the volume of transactions reaches hundreds of transfers per minute, tracking them manually becomes unrealistic. Due to hacker attacks, the company initially lost 10 million dollars a month, says Peter Thiel, one of the founders of PayPal.

The scammers quickly adapted to the automated protection system and found ways to bypass it. A hybrid of a person and a program had to be created: the "Igor" system, named after the most active cracker from Russia.

Today PayPal provides security guarantees to both the buyer and the seller. This does not mean that fraud in the payment service is ruled out. It is simply that the company is in the black and can afford to pay for the risks.

In a sense, security is based on the belief in the security of a particular system. We recently wrote about the introduction in Russia of the new tokenization technology, which the payment systems Visa and MasterCard have been actively promoting around the world since 2014. Many are sure that today it is the ideal protection against fraudsters. It will be considered such until statistics appear that prove otherwise.

Banking service vulnerabilities

So, statistics. The easiest way to assess the level of security in the part of the financial sector related to electronic payments and transfers is by the numbers. At first glance this may seem surprising (especially against the background of regular news about thefts from bank cards), but for Russian users of such systems there is reason for optimism here. As Ekaterina Petelina, CEO of Visa in Russia, told Vedomosti, the level of security for bank cards in our country remains one of the highest in the world. The number of fraudulent transactions continues to decrease every year.

In 2015 the level of fraud was 3 kopecks per 1,000 rubles, down from 4 kopecks. Statistics vary, however. For example, the Central Bank believes that the number of cases of hacking of bank cards over the network has increased. Although the total number of fraudulent card transactions (primarily through ATMs) decreased by 27% in 2015, criminals are making more active use of banks' remote customer services.

A recent study by Russian information security experts says that the experts discovered vulnerabilities in all of the remote banking systems (RBS) taken for testing. The majority of them (39%) were classified as low-risk flaws. Compared to the 2013-2014 data, the total share of critical vulnerabilities has decreased significantly (by 14%). Despite this, the overall level of security of online banks remains rather low (90% of RBS have critical vulnerabilities).

Reverse protection

With banking and payment systems, everything is more or less clear. Security here is a matter of faith and of manipulating different versions of the statistics. What is happening in the stock trading sector?

We have already compared the security level of banks and exchanges in terms of the number and quality of hacker attacks, and came to the conclusion that attacks on stock exchanges and brokerage companies are relatively rare. While hacks and hacking attempts in the banking sector are already considered quite commonplace, every story of an attack on a stock exchange causes a serious public outcry (provided that information about the incident leaks to the press).

There are no statistics on hacking of brokerage systems in the public domain. But it is worth understanding that when attacking exchanges or brokerage companies, it is extremely difficult for hackers to count on immediate earnings. Hackers can exploit stolen information to engage in fraudulent trading, but this is already a rather complex scheme that not every attacker can carry out. Most cyber fraudsters prefer to follow the path of least resistance.

Moreover, thanks to the work of the Central Bank of the Russian Federation, the security system on Russian stock exchanges is built quite well. In 2015 it created its own information security center, which actively exchanges information with banks and stock exchanges. In 2016 the Moscow Exchange was forced to move completely to a new information architecture and upgrade its equipment in order to minimize losses from technical failures.

All this concerns the security of the system as a whole. Hacking an individual brokerage account is, in theory, no more difficult than hacking a bank account. To do this, the attacker needs the encryption keys and a password. These can be obtained simply by planting a Trojan on the system. But withdrawing and cashing out the funds is much more difficult.

A fraudster would have to start manipulating securities, which requires completely different skills. But exchanges today limit the maximum allowable range of price fluctuations during one trading session. So in any case, losses are reduced to a small percentage of the total amount.

Besides, in order to minimize possible damage, brokerage companies develop various client protection systems. We will describe how such protection is implemented in the ITinvest MatriX trading system in one of the following posts (a brief description is available via the link).

Ultimately, the complexity of hacking brokerage systems and withdrawing funds from them makes such cyberattacks not very profitable for cybercriminals.

Source: https://habrahabr.ru/company/itinvest/blog/308014/