The fraud of over ₹94 crore at the Pune-based Cosmos Co-operative Bank, involving the breach of the firewall in servers that authorise ATM transactions, has once again raised questions over the efficacy and adequacy of security measures in Indian banks. True, the fraud at Cosmos Bank was part of a highly orchestrated global fraud by cyber criminals. But the fact that the co-operative bank had fallen prey to a massive attack that involved fraudsters compromising payment systems across the world cannot be used as an excuse to downplay the gravity of the incident. If anything, it has laid bare the vulnerability of banks in India — not necessarily just the smaller banks — to such ingenious cyber-attacks.

From what is known, at the heart of the Cosmos fraud was the setting up of a proxy switch to approve fake transactions. A switch normally authenticates the card information and also connects to the bank’s Core Banking Solution (CBS), before the cash is dispensed at the ATM. In the case of Cosmos, the fraudsters had developed a proxy switch that bypassed all these checks and authorised fraudulent transactions. The SWIFT system — a messaging network for securely transmitting instructions for financial transactions — was also compromised to transfer money fraudulently to banks outside. With data suggesting that co-operative banks and smaller financial institutions are not spending much on cyber security and security systems, it is clear that they are likely to fall prey to more such cyber-attacks. Earlier this year, City Union Bank’s SWIFT had come under attack, and nearly $2 million was transferred to three banks abroad. But it is not just smaller players that have been tardy in tightening their security systems. The gaping lapses in the control measures at larger commercial banks have been on the RBI’s radar for some time now. Shockingly, about 30 per cent of the 2 lakh-odd ATMs in the country still operate on Windows XP and other unsupported operating systems. Industry players suggest that around 40,000-odd ATMs need immediate upgrading. Clearly, others — even large commercial banks — could fall prey to cyber-attacks.

With the shift to digital banking transactions gaining pace, massive breaches can happen at multiple levels. Banks will hence have to up the ante to offer a more reliable and secure environment. Above all, there is an urgent need for spring-cleaning governance, risk management and processes at banks. At the core of nearly all frauds — even the ₹14,000-crore heist at PNB — lies the involvement of insider officials who game the system. In the case of co-operative banks in particular, it is time that the 2015 recommendations of the committee constituted by the RBI, on conversion of Urban Co-operative Banks into joint stock or small finance banks, issue of fresh licenses and constitution of boards of management, are reviewed.

Clarification from Hayden Allan, Deputy Head of Corporate Affairs, SWIFT:

With reference to the editorial 'Systemic' risk, Hayden Allan, Deputy Head of Corporate Affairs, SWIFT writes: 

The editorial currently states: “In the case of Cosmos, the fraudsters had developed a proxy switch that bypassed all these checks and authorised fraudulent transactions. The SWIFT system — a messaging network for securely transmitting instructions for financial transactions — was also compromised to transfer money fraudulently to banks outside.”

However, SWIFT has no indication that its network and core messaging services have ever been compromised – it is really important to be clear on that point.

What we have seen in previous incidents is that customers suffer security breaches within their local environments. Once the attackers have targeted and compromised their environments, they go on to exploit vulnerabilities in banks’ funds transfer initiation environments – they steal credentials, create fraudulent messages and initiate the funds transfer process, by sending messages over the SWIFT network.

One way of phrasing these lines more accurately would be: In the case of Cosmos, the fraudsters had developed a proxy switch that bypassed all these checks and authorised fraudulent transactions. The fraudsters used Cosmos’ access to the SWIFT system — a messaging network for securely transmitting instructions for financial transactions — to send messages and transfer money to other banks.

Similarly, later in the article there is a line saying: “Earlier this year, City Union Bank’s SWIFT had come under attack, and nearly $2 million was transferred to three banks abroad.”

Again, it is not SWIFT that has come under attack, rather banks that are connected to the SWIFT network.

This would be better phrased as: Earlier this year, City Union Bank came under attack, and nearly $2 million was transferred to three banks abroad.