Payment security specialist SISA has suggested an eight-point action plan for banks and financial institutions to prevent cyber attacks like the recent one at Cosmos Bank. It has also advised account holders to be more vigilant about transactions in their accounts.

SISA's assessment is that the software itself did not fail in the Cosmos Bank case; rather, the absence of security controls around it is what allowed the fraud to take place.

“Technology is the enabler, but security also has to be given high importance. Banking institutions in the country need to start focussing on effective implementation of the data security standards such as PCI-DSS and PA-DSS,” Dharshan Shanthamurthy, CEO, SISA Worldwide, told BusinessLine.

Last week, Pune-based Cosmos Co-operative Bank reported fraudulent withdrawals amounting to ₹94 crore following cyber attacks, including a malware attack, on its debit card payment system and on its SWIFT transactions.

It said about ₹78 crore was withdrawn from ATMs located across 28 countries, through some 12,000 Visa card transactions. A further ₹2.50 crore was withdrawn in India through 2,800 debit card transactions at various locations, and ₹13.9 crore was transferred out through SWIFT (Society for Worldwide Interbank Financial Telecommunication) transactions.

Authentication

Now, to avoid such incidents, SISA has formulated an action plan that banks can implement proactively to secure the payment switch application and network environment.

The plan suggests enabling multi-factor authentication for users to log in to the Switch application server.

It also proposes that IP (internet protocol) tables be enabled so that only authorised systems can reach the switch server (a host-level allow-list, with every other source denied by default), and that the passwords of all privileged users on the Switch application server be reset.
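As an added illustration of the allow-listing recommendation (this is example code, not SISA's plan or any configuration from the Cosmos Bank investigation), the following Python renders a default-deny iptables INPUT policy for a switch host from a single port-to-sources map and then evaluates constructed connection attempts against that same map, so the rules on the box and the check used to review flow logs cannot drift apart. The listener ports (22 for administrative SSH, 8583 for ISO 8583 traffic), the CIDR ranges, the log prefix and the sample connections are all assumptions made up for the example.

```python
"""Host allow-list for a payment switch server.

Added example, not SISA's plan text or any real bank's configuration.
It renders a default-deny iptables INPUT policy from a port -> sources
map and evaluates connection attempts against the same policy. Ports,
CIDRs and the sample connections below are constructed for illustration.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed policy: which networks may reach which switch listener.
SWITCH_POLICY: Dict[int, List[str]] = {
    22: ["10.10.5.0/24"],                        # admin SSH: jump-host subnet only
    8583: ["10.20.0.0/16", "172.16.40.12/32"],   # ISO 8583: acquirer net + one ATM controller
}


def build_iptables_rules(policy: Dict[int, List[str]]) -> List[str]:
    """Render iptables commands for a default-deny INPUT chain.

    Order matters: loopback and already-established flows first, then one
    ACCEPT per (source, port) pair, then a logged DROP so anything not
    explicitly listed is rejected and recorded. The chain policy is set
    last so the explicit allows are in place before the default flips.
    """
    rules = [
        "iptables -F INPUT",
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for port, sources in sorted(policy.items()):
        for cidr in sources:
            # strict=True rejects entries such as 10.20.0.5/16 (host bits set),
            # which almost always mean a typo in the allow-list.
            net = ipaddress.ip_network(cidr, strict=True)
            rules.append(
                f"iptables -A INPUT -p tcp -s {net} --dport {port} -j ACCEPT"
            )
    rules.append('iptables -A INPUT -j LOG --log-prefix "SWITCH-DENY: "')
    rules.append("iptables -A INPUT -j DROP")
    rules.append("iptables -P INPUT DROP")
    return rules


def is_permitted(policy: Dict[int, List[str]], src_ip: str, dst_port: int) -> bool:
    """Decide one new inbound TCP connection the way the generated rules would."""
    src = ipaddress.ip_address(src_ip)
    for cidr in policy.get(dst_port, []):
        if src in ipaddress.ip_network(cidr, strict=True):
            return True
    return False  # default deny: unknown port or unlisted source


def audit_connections(
    policy: Dict[int, List[str]], attempts: List[Tuple[str, int]]
) -> List[Tuple[str, int, str]]:
    """Label each (src_ip, dst_port) attempt ALLOW or DENY under the policy."""
    return [
        (src, port, "ALLOW" if is_permitted(policy, src, port) else "DENY")
        for src, port in attempts
    ]


if __name__ == "__main__":
    for rule in build_iptables_rules(SWITCH_POLICY):
        print(rule)
    # Constructed connection attempts, as if pulled from a flow log.
    sample = [
        ("10.10.5.17", 22),       # admin from the jump-host subnet
        ("10.20.33.4", 8583),     # acquirer network to the ISO 8583 listener
        ("10.20.33.4", 22),       # acquirer network trying SSH
        ("172.16.40.13", 8583),   # neighbour of the one allowed ATM controller
        ("203.0.113.9", 8583),    # internet-sourced attempt
    ]
    for src, port, verdict in audit_connections(SWITCH_POLICY, sample):
        print(f"{src:>14} -> :{port:<5} {verdict}")
```

The generated commands are meant to be reviewed and then applied on the switch host (or loaded through iptables-restore with equivalent content), and the result should be verified from a machine that is supposed to be blocked, not only from one that is allowed. Note that a host allow-list restricts who can reach the switch; it does not replace the multi-factor authentication and privileged-password reset the plan also calls for, since an attacker already inside an allowed network segment passes the firewall unchallenged.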

It has advised institutions to contact their PCI Forensic Investigator (PFI), a firm approved by the payment brands and listed on the PCI Security Standards Council website, within 24 hours of noticing any suspicious activity.

The plan also calls for a credentialed (authenticated) vulnerability assessment scan. An unauthenticated scan sees only what is exposed on the network and so cannot identify all the vulnerabilities present on the servers or network components, such as missing patches or weak local configuration that are visible only from inside the host.

When asked what account holders should do apart from changing their password at regular intervals, Shanthamurthy said: “They need to keep a constant check on their transactions and report to their bank in case of any transaction not made by them.” Account holders are also advised not to use public computers, or even hotel Wi-Fi, for banking transactions.
