Technology brings security risks

Technology has opened up new markets, new products, new services and efficient delivery channels in the banking industry.

Name them; online electronic banking, mobile banking, points of sales (POS) and internet banking amongst others.

The momentous growth in technology comes with its share of challenges as well.

Today, security issues are a major source of concern for everyone both inside and outside the banking industry.

E-banking has increased the risks two-fold - at times exposing hitherto isolated systems to open and risky environments.

Traditionally, the major security headaches for businesses included shoplifting, employee crime, and burglary.

With the massive developments in the information technology, more sophisticated products are gracing the market but in the same measure so are the fraud cases. We can belittle any form of business security issue.

In fact Timothy Muriuki, the chairman, Nairobi Central Business District Association (NCBDA), captured the mood well when he said, “”NCBDA is concerned that members have to make unnecessary investment in security like hiring more watchmen and installations instead of reinvesting funds to create more jobs.”

The challenge for business security is to fully and effectively identify all of the risks.

Recently, Equity Bank announced it has installed Europay-Mastercard-Visa (EMV) technology in its Automated Teller Machines.

This is meant to enhance the security of the card holders and wipe out the ever increasing number of “e-fraudsters” I’m advised that this EMV card contains a small computer chip, which offers greater memory capacity and improves security for consumers by making it nearly impossible for crooked people to corrupt it.

Early this year, a man was caught trying to perpetuate a fraud in one of local bank’s ATMs and in his custody was a pack of more than 100 bank cards.

As an ardent enthusiast of the point of sales popular with local banks and supermarkets, it worries me.

These POSs are anywhere and everywhere- even the least you expect them making banking flexible and very accessible.

If the figures attributed to the CBK’s Banking Fraud Investigation Department are true, we need to be cautious.

It is alleged that in the first half of last year, the banking industry lost an estimated Sh456.3 million through fraud and Sh186.7 million in attempts.

Indeed the figures may be higher as many banks shy away from sharing such negative information as it puts institutional reputation on the line.

Security breaches may fall into three main categories; those with serious criminal intentions and usually well planned and executed; those by casual hackers; those due to weaknesses of systems.

The common denominator- All of these threats have potentially grave financial, legal and reputational implications.

So what should banks be doing to deal with these emerging threats effectively?

A strategic approach must be adopted, building best practice security controls into systems and networks as they are developed.

Active testing of system security controls must be continuously done.

Like businesses hire watchmen to guard against burglary, today’s agile business must invest in technologically-savvy staff with information security expertise. It is important.

The technology and systems should have capacity to respond to new threats and vulnerabilities and regular review of market place developments.

Ten years ago few local banks had given customers the luxury of withdrawing cash at a teller’s cashbox in a supermarket.

E-banking has brought issue to both the banks and regulators alike.

Certainly there are enough risks but opportunities, and potential benefits for consumers, banks and regulators are immense.

To succeed you must undertake market research, adopt systems with adequate capacity.

The length of the complaints queue to see the bank manager should serve as a wakeup call.

But above all a proactive business should never wait for these repulsive scenes.

Risk management takes the An -Ounce -Of -Prevention principle seriously.

As a customer, learn to keep secure your passwords, popularly known as PIN numbers; ensure you change passwords regularly; grant most limited access to third parties.

Companies need to have a culture of security to prevent abuse of computer systems by insiders and to be on the lookout for attempted hacking.

This reminds me of Clifford Stoll who once said, “Treat your password like your toothbrush.  Don’t let anybody else use it, and get a new one every six months.”

Kihuro is a risk management practitioner at Panafrican Housing Financial institution, Shelter Afrique, in Nairobi. jkihuro@yahoo.com