Wednesday, December 19, 2018 10:54:41 PM
Silvia Baur-Yazbeck :
Few experiences undermine a digital financial services (DFS) customer's finances and trust in DFS like becoming the victim of a cybercrime. This is especially true of low-income customers, who are least able to rebound from the losses, and of the newly banked, whose trust in financial services may be fragile.
Unfortunately, cybercrime is a growing problem in developing countries, where customers often conduct financial transactions over unsecure mobile phones and transmission lines that are not designed to protect communications. In Africa, the number of successful attacks against the financial sector doubled in 2017, with the biggest losses hitting the mobile financial services sector. DFS providers must adopt stronger cybersecurity measures to protect themselves and their customers. But which threats pose the greatest risk today?
In 2017, CGAP surveyed 11 DFS providers operating in Africa to understand how they perceive and mitigate cyber risks. We learned that all of them have been affected by cybersecurity incidents and are at various stages of implementing cybersecurity measures in their organizations.
While they are still most concerned about better-known types of fraud in DFS, such as malicious employees and agents, they find themselves confronted with four types of risk emerging in cyberspace.
In a social engineering attack, the criminal tricks the victim into revealing sensitive information or downloading malware, which opens the doors to physical locations, systems or networks. The idea is to exploit a vulnerable person rather than a vulnerable system. DFS providers from Ghana, Kenya, Tanzania, Uganda and Zambia told us that fraudsters had duped their employees into sharing their user login details and then accessed corporate information systems. Most DFS providers consider careless or unaware employees to be a major factor in their organization's cyber risk exposure.
But DFS customers are a vulnerability, too. The newly banked are more likely to fall victim to this type of scheme because of their limited experience with digital fraud. Providers can guard against social engineering through regular awareness and education campaigns. It is also important to appropriately manage user access rights, introduce system log monitoring processes and require two individuals for completing sensitive transactions (i.e., maker-checker controls).
Using malware or social engineering, hackers can gain access to valuable information, such as credit card numbers, customer personal identification numbers, login credentials and government-issued identifiers. Weak patch management, legacy systems and poor system log monitoring were cited as the main reasons why DFS providers' systems are susceptible to hacking attacks. In addition to financial losses that can result from a data breach, providers' reputation and customers' trust are at risk. In 2017, thieves breached a DFS provider's systems in Kenya and stole hundreds of customers' identities.
The fraudsters accessed sensitive customer information, such as account types and last transactions, which allowed them to pass as legitimate customers and apply for loans in the victims' names. To protect against data breaches, DFS providers need to regularly update their systems and software, patch their systems, use strong encryption for data at rest and in transit and implement 24/7 system log monitoring.
Outages & denial of service attacks
DFS providers sometimes experience system outages during routine system upgrades or patches. Earlier this year, an upgrade gone awry left DFS users in Zimbabwe without access to their digital money for two days. System unavailability can also be the result of a cyberattack. For example, in 2017, M-Shwari customers in Kenya were left without access to their savings and loan products for five days. And, after the outage, several found inconsistencies in their account balances. The most frequent form of attack causing system unavailability is the denial-of-service attack.
In a denial-of-service attack, cyber criminals overwhelm a server by flooding it with simultaneous access requests, depriving legitimate users of access to the system.
In most cases, the objective is to harm the business. Yet, in some cases, cyber criminals have launched denial-of-service attacks to distract attention from an attempt to gain access to the system.
Effective countermeasures include continuous network traffic monitoring to detect attacks while allowing legitimate traffic to reach its destination; a solid and tested incident response plan that allows for quick reaction in an emergency; and strong change management processes and disaster recovery planning.
DFS providers rely on third parties for a range of services, such as mobile network, information technology and data storage solutions. Sometimes, these providers misuse their system rights to access confidential customer information that they can sell or use for social engineering.
Also, a third party that handles sensitive information may not have appropriate safeguards against cyberattacks, putting at risk the confidentiality and integrity of the DFS provider's customer data. To address third-party threats, DFS providers should implement due diligence reviews of current and potential partners, including reviews of their security policies and practices.
Impact on low-income customers
If physical money used to be kept safe in bank vaults, what is protecting money now that it is digital? This is a financial inclusion question because the answer is especially important for low-income customers. In developed countries, it is usually the financial services provider that is legally responsible for bearing the cost of fraud. In developing countries, it is often the customer.
The experience of fraud, and rumors of fraud experienced by others, cause mistrust in DFS, especially among lower-income consumers. The DFS providers we spoke with in Africa recognize their need to invest more in cybersecurity for both themselves and their customers.
They acknowledge that better safeguards are needed to mitigate threats and be better prepared to respond to incidents. Failure to take the relevant steps could deter people from entering the formal financial system and significantly harm consumers and markets.