Banks have spent years perfecting the physical security- secure handling of tangible wealth. Every step of progress criminals have made in stealing that wealth has been addressed by improvements in physical security and the practices surrounding storing and transferring wealth. Banks have invested in strong rooms and armed guards. Wealth is no longer directly tied to tangible assets, as it once was.
The recent successful bank attacks have demonstrated a host of significant issues for the sector.
- An ability to compromise a wholesale payment origination environment, bypassing information security controls
- A capability for hackers to use valid operator credentials to create, approve and submit messages
- A sophisticated understanding of funds transfer operations and operational controls
- The use of highly customized malware to disable security logging and reporting, as well as other operational controls to hide fraudulent transactions
- The capacity to transfer stolen funds rapidly across multiple jurisdictions to avoid recovery
To be continued….