This essay has been submitted by a student. This is not an example of the work written by professional essay writers.
Uncategorized

ABC Bank

dennis koome 23 Apr 2024

Pssst… we can write an original essay just for you.

Any subject. Any type of essay. We’ll even meet a 3-hour deadline.

GET YOUR PRICE

writers online

 

 

 

 

 

 

ABC Bank

 

Name

Institutional Affiliation

 

 

 

 

 

 

 

 

 

 

 

Executive summary

Research shows that banks have been experiencing high growth; hence new customer account enrollments have also been increasing rapidly. For this reason, account takeover attackers find financial institutions like banks to be the prime targets. The attackers find data breaches in banks to be a lucrative business as they can use the stolen information to engage in money laundering, money mulling, and account draining. Account takeover attackers believe that financial institutions’ data or information is for legitimate users, thus assurance to get financial benefit. This report has provided some solutions that ABC Bank can use in detecting large scale account takeovers at the attempt of unsuccessful login and stop them before causing further damage. Anti-money laundering solutions and two-factor authentication codes such as out-of-band authentication are recommended solutions that ABC Bank can implement to prevent and detect account takeovers.

 

 

 

 

 

 

 

 

 

 

Table of Contents

Executive summary

1.0 Problem statement

2.0 Key requirements to address problem

3.0 Key research findings

4.0 Solution options

4.1 Two-factor authentication

4.2 Anti-money laundering Solution

5.0 Conclusion

6.0 References

 

 

 

 

 

 

 

 

 

 

 

 

1.0 Problem statement

Online fraud has become one of the major risks that firms nowadays faced in the global business environment. With the increase of new technological advancement, organizations increasingly face risks associated with cyber threats and vulnerabilities. These cyber-threats and exposures can cause significant damage to organizations. In essence, they can interfere with the computer system of a company and thus affects its normal operation and function (Richie, 2015). As a result, an organization needs to adopt appropriate measures and strategies to ensure that they are protected from cybercriminals.

Account takeover is a major problem experienced by many banks and financial institutions. Given that ABC Bank is experiencing high growth and a rapid increase in new account enrollment, it is likely to face huge account takeover risks. Although it is good for banks and other businesses to experience high growth, it is also an opportunity for account takeover, which exposes businesses to significant security risks. With the bank’s growth, the management must consider developing appropriate strategies to counter the cyber-attack (Silverman, 2016). This is because cybercriminal activities can compromise the accounts containing financial or other valuable data and information. These accounts should be kept private and confidential to the organization. The bank needs to trust the customers’ personal information since they belong to legitimate users. Therefore, the bank should come up with an appropriate solution to counter the chances of a cyberattack.

2.0 Key requirements to address the problem

To address the company’s problems due to an increase in the number of customers and the associated threats, it is important to identify the key requirements to solve the issue. One of the requirements is to identify the information and communication system that the organization uses. Arguably, cyber-attacks normally target a company’s information system since they are interested in accessing and using important data for their personal benefits (Adler et al., 2015). As a result, the company should engage in a comprehensive effort to identify the information technology infrastructure that the organization uses. This can include servers, routers, network servers, nodes, computers, and laptops. In essence, it is necessary to identify all the organizational assets that can be at risk of attack by cybercriminals. The organizations’ assets normally contain important information and materials that can have an adverse impact on the company.

The other requirement is to determine the main vulnerabilities and threats of the organizations. There are basically various cyber threats and attacks that can compromise the information system of the bank. Given that the vulnerabilities and threats vary from one to another, it is necessary to assess their nature and impact to determine the appropriate strategy that should be applied to reduce the impacts of the cyber attack (Agelidis, 2016). This should involve identifying the security gaps that exist in the bank and identifying the appropriate measures that should be taken to reduce their impacts. The other requirement is to put in place the information system security management group. The information security management department should be solely responsible for developing appropriate strategies to counter cyber-attacks. It should consist of employees with adequate knowledge of information technology and management. The team should be independent and responsible for overseeing the information system’s operation, identifying the potential threats and responsibilities, and developing effective business strategies before they cause potential damage to an organization. The team should coordinate with all the employees to identify and gain the necessary knowledge of cybersecurity and protection.

 

It is also important for the company to engage in adequate training on cybersecurity issues. One major reason that exposes organizations to various security risks is the lack of proper knowledge of security management issues. The majority of the cyber attacks normally occur due to inadequate knowledge of cybersecurity and protection by employees. The bank should embark on a comprehensive training program to make the employees aware of the strategies they can use to reduce cyber-attack risks (Silverman, 2016). This can include educating the workforce on strategies that can be used to identify the various risks and vulnerabilities to the organization. Employees with knowledge in cybersecurity management systems can identify the multiple threats and vulnerabilities that can have an adverse effect on the company’s operation.

The bank should also design appropriate security management policies. The security management policies provide guidelines for using an organization’s information system and avoiding various threats and vulnerabilities. Companies with effective cybersecurity management policies have low risks to cyber-attacks and vulnerabilities (Ramsey, 2016). The security management policies should provide guidelines on how they manage the password and avoid unauthorized access to a company’s communication system, among others. These measures can help the company to reduce its chances of an attack from cyber threats and vulnerabilities.

3.0 Key research findings

The bank’s information technology infrastructure and assets’ assessment indicates that it has high risks of attack by cybercriminals. The account takeover attack is likely to take place in the bank. The investigation shows that the bank exposure to the risks of account takeover is attributed to several factors such as the company’s rapid growth, an increase in the rate of customer enrollment, and the increase in the assets and other information. These conditions offer opportunities for the account takeover attack, which can significantly affect the company’s operation.

The rapid growth of the bank is the leading factor that can expose the business to financial risks. As the bank experience rapid growth in the market, it has to increase its assets and other information infrastructure and facilities. As the company’s assets grow at a rapid rate, it can prove challenging to develop appropriate strategies to handle security threats (Rajagopal & Behl, 2017). Cybercriminals can take such an opportunity to enter into the data system of organizations and cause significant damage, such as compromising the organization’s database system. The account takeover can also cause considerable damage to the customer details and information system. As an example, the account takeover can lead to financial loss to the customers and the organization. This can make the customer lose the organization’s loyalty and trust and affect its reputation and credibility.

The growth in the customer base also can expose the company to huge risks of account takeover. As the number of the customer increases, the organization data and information system will also increase. This implies that it will need an additional security management infrastructure to support its operation. However, the rapid growth in the customer base of the company can shift the focus of the employees and management from IT protection to customer engagement. Such loopholes can provide a perfect opportunity for cybercriminals to attack the organization and manipulate or misuse its essential data and information system.

According to Alpert (2020), fraud relating to account takeover is a significant concern among about 55% of banks’ top executives within the U.S. The account takeover is a big issue for many financial institutions, given that they are the ultimate targets for many attackers. In as much as affected institutions have been trying, it is evident that attackers continue to gain control with account takeover with banks as the top targets.

In many cases of account takeovers, the attackers mainly use malware to exploit a single network entry point to commence the theft. Sometimes fraudsters focus on social interactions to make individuals start revealing account information. It is from such information that fraudsters get access to bank accounts and, in a small window period, takes all the money out of the account. It is estimated that over $4.9 billion have been lost in account takeover incidents and increased to 69% in 2011 (Miller, 2019). Study shows that the increase in account takeover incidents was due to security vulnerabilities in mobile and online and the technology shift. The money that has been lost in such cases is associated with deposit accounts in financial institutions. In the U.S, credit unions and banks realized the implications of the attacks after investing in the Federal Financial Institutions Examination Council compliance to try to stop the growing account takeovers. However, this move is not sufficient to stop the growing account takeovers. Rajagopal and Behl (2017) indicate that many financial institutions, more so banks, have stretched the allocation of resources to fight account takeovers. Yet, the problem is still escalating as cybercriminals are continuously perfecting their techniques that threaten these institutions’ security.

 

Alpert (2020) claims that account takeover fraudsters know the kind of pressure the financial institutions endure and are using technology to study defense mechanisms to develop methods of circumventing them. As is it, the use of advanced bots is an option for fraudsters to take to their advantage for mimicking human behavior so that they can bypass solutions of fraud that need human intervention. If the fraudsters are confronted with a defense mechanism that needs more human response, the attackers change to human sweatshops to counter the challenge at scale. The advancement of technology-enabled fraudsters to develop account takeover attacks on banks that are more sophisticated, which is quickly rewarding compared to ensuing countermeasures. For account takeover attackers, breaking into users’ accounts is increasingly easy due to automation scripts, bots, and continuously refreshed credential leaks are cheaply and easily available. It is worth noting that fraudsters finding economic attack viability to be important so that they can tailor attacks using available resources such as bots to maximize benefits.

Romanosky et al. (2011) indicate that fraudsters are involved in various malicious activities inclusive of account validation, account enumeration, social engineering, and credential stuffing to access users’ information. Social engineering is a common tool that fraudsters find useful in targeting financial institutions since financial institutions like banks do not usually use usernames or email identities. Therefore, this is information on some context that has to be drawn out from true users. On the other hand, phishing is used by attackers to manipulate people into giving personal information or, in some cases, direct them to the fraudulent website so that at a scale, they can obtain identity data. Once identity data has been stolen, fraudsters corrupt digital identities and use the data to organize account takeover attacks on banks on various fronts. First, attackers will engage in account draining once they get complete control over users’ financial accounts. Account takeover attackers’ first goal is to drain all the fund’s users have. Money laundering is another front that fraudsters engage in where proceeds or gains from their criminal activities are transferred in multiple accounts to different accounts. This is done in respect to obscuring and making money appear legit so that fraudsters get ‘clean’ money in return. Money mulling is also an attack where fraudsters are involved in recruiting legitimate users who own active accounts so that when the money is mulling, it is then transferred into their accounts. In other cases, fraudsters choose to use both dormant and active compromised user accounts to transfer money (Taplin, 2018). Account takeover attackers sometimes engage in credit application with the stolen identity data to maximize their financial benefit. This means that the fraudsters pose as legit account owners and apply for credits such as loans. Fraudsters avoid suspicion by holding on to the compromised accounts for several months before embarking on fraudulent activities to make it difficult to identify the crime.

The fraud landscape continues to grow rapidly with a surge in social engineering manipulations, credit card fraud, and application fraud. However, Garrie and Byhovsky (2017) acknowledge that the financial service and banking sector is experiencing a new type of threat known as cross-channel fraud. This is an advanced attack method that involves fraudsters stealing users’ personal information and credentials from one channel to commit fraud in other associated channels. It is claimed that multi-channel financial services and banking have worsened the problem since cybercriminals have resorted to using advanced techniques to attack vulnerable channels and steal personal information and money from other related platforms. Cases of cross-channel fraud entail a fake deposit money transfer or mule account, which is then withdrawn from the automated Teller Machine (ATM). The main problem is that financial services and banking institutions are experiencing is respect to the weakest link in their security posture, which is the human factor. For many banks, customers assume that their banks have high-level security policies and safeguards. Therefore, customers tend to fail to question the legitimacy of fraudulent calls or messages of social engineering schemes, and they end up giving out their personal credentials.

4.0 Solution options

Protecting and integrating data is the main challenge that most banks have to face. To be effective, ABC bank has to change its perception of big data by noting that it is not about the algorithms that work better but about its willingness to try algorithms on its own data. ABC bank can reduce account takeover attackers’ issues through big data instead of concentrating on its desired outcome. According to Taplin (2018), financial institutions should be accepting the overall outlook on what the big data provides irrespective of their anticipation by being data-driven and data-centric. The ABC bank can consider using data analytics in detecting issues like cross-channel cases suggesting fraud. Cases of cross-channel fraud are deemed to be very complicated, which is well suited to be resolved with big data.

4.1 Two-factor authentication

An in-house solution to thwart account takeover for ABC Bank at an unsuccessful login attempt is two-factor authentication, a crucial method as a financial service provider. Out-of-band, which is a form of two-factor authentication, is considered an appropriate measure to curb account takeovers. With this method, the authentication request is sent via a different communication channel instead of depending on SMS. Out-of-band authentication needs secondary verification through a different communication channel together with a typical password and ID. Graves et al. (2016) suggest that out-of-band authentication is mostly appropriate for financial services institutions such as banks that need high security. This practice makes account takeover difficult, given that two unconnected and separate authentication channels, which attackers have to go through before gaining access.

ABC bank can adopt the out-of-band authentication, whose second method is a practice that needs users first to make calls using registered numbers or respond to phone calls that are automatically generated from the bank. For more security, the bank can consider voiceprint technology for the customers to offer biometric verification. Alternatively, the bank can request users to text a code they are provided after logging in using their smartphones. Ramsey (2016) argues that out-of-band authentication helps secure communication as there is a slight increase in complexity when users log in. Additionally, this method is cheaper to implement compared to complex biometric methods.

There are various ways in which ABC Bank can detect account takeovers besides using out-of-band authentication. For instance, hackers can try to get customers’ phone numbers changed in their accounts with a substitute phone number. Such cases mean that the technology’s effectiveness depends on the bank following strict policies against making any changes without having to transfer money or phone confirmation without additional authorization. Smartphones tend to be a weak link in out-of-band authentication (Agelidis, 2016). In case customers use a single phone for online banking as the one used for SMS authentication, it diminishes the effectiveness of the out-of-band secondary measure. ABC Bank needs to note that out-of-band authentication can only be sufficient if it follows the proper procedures. A token of the software sent to consumers’ smartphones for authentication applications would make the SIM swamp attempt useless. Effective methods include key fobs and biometric solutions, generating random two-factor authentication codes. As a financial institution, ABC Bank can regularly monitor anti-money laundering activities to detect and prevent account takeovers.

4.2 Anti-money laundering Solution

Account takeovers can be detected and prevented using anti-money laundering software that monitors transactions that enable banks to combine customers’ information with their historical information in their account profile. This software can give ABC Bank a broader picture analysis of consumers’ risk levels and predict future activities to generate alerts in suspicious activities. The transactions that the bank can monitor include withdrawals, cash deposit, Automated Clearing House (ACH) activity, and wire transfers. AML monitoring solutions for transactions include profiling customers’ features, blacklist screening, and sanctions screening (Agelidis, 2016). AML has become a regular issue being addressed in many financial institutions as it is perceived as the next integration horizon. The main initial step for institutions using AML integration is defining all risk-management activities’ nature and clarifying responsibilities and roles of security. This will enable ABC Bank to make sure there is clear and complete delineated coverage by its business functions and risks such as fraud or identity theft.

5.0 Conclusion

Account takeover criminals have been mainly targeting financial institutions, especially banks. This is attributed to the rapid growth in the financial service sector, making institutions like banks at higher risk. Attackers depend on the increase of assets and information structures banks have due to their rapid growth. It is argued that cyber-attacks mainly target banks for their information systems with interest to access and use confidential data for monetary benefits. These account takeover attackers commonly use social engineering tools to target banks as they don’t usually have usernames or email identification. Once the fraudsters access personal information, they use it in money laundering, money mulling, and account draining. Over the years, affected financial institutions have tried putting measures that prevent account takeovers, but the attackers also keep improving their attack techniques. In as much as banks can use two-factor authentication methods and AML solutions to detect and prevent account takeovers, it is impossible to say with conviction that the issue will stop in the future.

 

 

 

 

6.0 References

Adler, J., Demicco, M., & Neiditz, J. (2015). Critical Privacy and Data Security Risk Management Issues for the Franchisor. Franchise Law Journal, 35(1), 79-92.

Agelidis, Y. (2016). Protecting the Good, the Bad, and the Ugly: “Exposure” Data Breaches and Suggestions For Coping With Them. Berkeley Technology Law Journal, 31(2), 1057-1078. doi:10.2307/26377781

Alpert, D. (2020). Beyond Request-And-Respond: Why Data Access Will Be Insufficient To Tame Big Tech. Columbia Law Review, 120(5), 1215-1254. doi:10.2307/26921064

Garrie, D., & Byhovsky, I. (2017). Privacy and Data Protection in Russia. Journal of Law & Cyber Warfare, 5(2), 235-253.

Graves, J., Acquisti, A., & Christin, N. (2016). Big Data and Bad Data: On the Sensitivity of Security Policy to Imperfect Information. The University of Chicago Law Review, 83(1), 117-137.

Miller, L. (2019). Cyber Insurance: An Incentive Alignment Solution to Corporate Cyber-Insecurity. Journal of Law & Cyber Warfare, 7(2), 147-182.

Rajagopal, & Behl, R. (2017). Business analytics and cyber security management in organizations. Hershey, PA : Business Science Reference

Ramsey, D. (2016). Cyber Center: Cyber-Security Considerations for Franchisors: Protecting the Brand While Avoiding Vicarious Liability. Business Law Today, 1-5. doi:10.2307/businesslawtoday.2016.07.15

Richie, J. (2015). Tort Trial And Insurance Practice: Data Breach Class Actions. GPSolo, 32(5), 66-67.

Romanosky, S., Telang, R., & Acquisti, A. (2011). Do Data Breach Disclosure Laws Reduce Identity Theft? Journal of Policy Analysis and Management, 30(2), 256-286.

Silverman, D. (2016). Developments in Data Security Breach Liability. The Business Lawyer, 72(1), 185-194. doi:10.2307/26419115

Taplin, R. (2018). Managing cyber risk in the financial sector: Lessons from Asia, Europe and the USA.. London : Routledge

 

  Remember! This is just a sample.

Save time and get your custom paper from our expert writers

 Get started in just 3 minutes
 Sit back relax and leave the writing to us
 Sources and citations are provided
 100% Plagiarism free
GET CUSTOM ESSAY
Copyright © 2016
error: Content is protected !!
×
Hi, my name is Jenn 👋

In case you can’t find a sample example, our professional writers are ready to help you with writing your own paper. All you need to do is fill out a short form and submit an order

Check Out the Form
Need Help?
Dont be shy to ask