Security in Banking

Internal: Rogue Trading, Fraud
External: Attacks, Theft

Threats
• Despite what the news covers, the major digital crime war
takes place inside the company rather than coming from
external sources.

Internal Threats
• Rogue Trader
• A trader who acts independently of others - and, typically,
recklessly - usually to the detriment of both the clients and
the institution that employs him or her. Rogue traders
typically trade in high risk investments which can create
huge losses but also large gains.

Rogue Trading
[Bar chart: Real $ Lost in Rogue Trading. Losses in dollars, axis from 0 to 7,500,000,000, with bar labels ranging from 340,000,000 to 6,950,000,000. Cases shown: 1995, Barings Bank; 1995, Daiwa Bank; 1996, Sumitomo Corporation; 2002, Allied Irish Banks; 2004, National Australia Bank; 2005, China Aviation Oil; 2008, Société Générale; 2008, Groupe Caisse d'Epargne; 2011, UBS.]

Rogue Trading
• How do they succeed?
• Works individually
• Have vast inside knowledge
• Lack of monitoring
• Only noticeable when significant amount of money is lost
• Controls Failure

Rogue Trading
• Misappropriation
• Includes theft, embezzlement, false accounting and deception
• Unauthorized Trading
• Includes trading beyond mandate
• Mismarking
• Includes entering inaccurate marks or failing to correct
outdated marks, usually as a means to hide losses or create
fictitious gains

Fraud
• Insider Trading
• Includes trading while in possession of material nonpublic
information, providing material nonpublic information to
others
• Corruption
• Includes offering, giving, soliciting or accepting something
of value with intent that it will influence action

Fraud
• Fraud can…
• cause significant damage to a firm’s reputation as well as
considerable financial loss
• occur in any department at any level
• often start small and grow exponentially over time
• often be the result of…
• a motivated, knowledgeable and resourceful individual
• the absence of a strong oversight or an adequate internal
control system

Fraud
Controls, Data Loss Prevention, Monitoring, Incident Response, Training

Solutions
• Make sure the right people have access to the right
software, hardware, etc.
• Modern applications make it easy to approve and
keep track of access rights
• Smartcards can be used as a digital signature to correctly
provide controls on users.

Controls
• Use software that prevents data leakage incidents
including setting up:
• Firewalls, intrusion detection systems, antivirus, etc.
• Software and algorithms to detect unauthorized access
• Encryption
• Prevention of unauthorized copying and sending of
important data

Data Loss Prevention


• Several software solutions are available to ensure the
monitoring of EVERY employee.
• Emails, messaging, device, etc.
• Monitoring of unusual events is also important. For
example: employees who don’t take vacation.

Monitoring
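
A monitoring check that combines three signals named on these slides: trading beyond mandate, outdated marks, and employees who don't take vacation. This is an added example, not part of the original slides; the trader names, limits, thresholds and records are constructed assumptions.

```python
from datetime import date

# Constructed sample data; names, limits and thresholds are assumptions.
MANDATE_LIMIT = {"t.adams": 5_000_000, "j.baker": 2_000_000}
MAX_MARK_AGE_DAYS = 5        # marks older than this count as outdated
MIN_BLOCK_LEAVE_DAYS = 10    # shortest absence accepted as a real break

TRADES = [  # (trader, notional in dollars)
    ("t.adams", 4_200_000), ("j.baker", 1_900_000), ("j.baker", 7_500_000),
]
MARKS = [   # (trader, position id, date the mark was last updated)
    ("t.adams", "POS-1", date(2012, 3, 28)),
    ("j.baker", "POS-2", date(2012, 2, 1)),
]
LEAVE = {   # trader -> list of (first day off, last day off)
    "t.adams": [(date(2011, 8, 1), date(2011, 8, 14))],
    "j.baker": [(date(2011, 12, 23), date(2011, 12, 24))],
}

def longest_leave(periods):
    """Longest single absence in days, inclusive of both end dates."""
    return max(((end - start).days + 1 for start, end in periods), default=0)

def review(as_of):
    """Return {trader: [reasons]} for every trader with at least one flag."""
    flags = {}
    for trader, notional in TRADES:
        # A trader with no recorded mandate has a limit of 0, so any trade flags.
        if notional > MANDATE_LIMIT.get(trader, 0):
            flags.setdefault(trader, []).append(
                f"trade of {notional:,} exceeds mandate")
    for trader, pos, marked in MARKS:
        age = (as_of - marked).days
        if age > MAX_MARK_AGE_DAYS:
            flags.setdefault(trader, []).append(f"{pos} mark is {age} days old")
    for trader in MANDATE_LIMIT:
        days = longest_leave(LEAVE.get(trader, []))
        if days < MIN_BLOCK_LEAVE_DAYS:
            flags.setdefault(trader, []).append(
                f"longest leave is {days} days")
    return flags

if __name__ == "__main__":
    for trader, reasons in review(date(2012, 4, 2)).items():
        print(trader, "->", "; ".join(reasons))
```

No single signal proves wrongdoing; the value is in the same person appearing under several of them at once.
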
• Proper policies and guidelines should be in place to ensure a
quick response to security incidents.
• For example: policies and guidelines should be made to
let employees know what to do if a cell phone is lost or if
someone sends home a sensitive document
• Applications can be used to easily detect when abnormal
activities are occurring within the network.

Incident Response
• Employees are the first line of defense when security
threats are present.
• Training is essential so employees can detect
and report anything that can negatively affect the
company.
• Providing seminars, lunch and learns, etc. can help
employees with learning.

Training
• External attacks can come from rival banks, activists,
cyber terrorists, etc.
• These threats can make it possible to attack the business
or even steal money or important information.

External Threats
• Global Payments is a credit card processing company
• In March 2012, there was a security breach that affected
between 50,000 and 1.5 million cardholders
• Thieves have had access for an extensive amount of time
• Major credit card companies have removed the company
from their list of card processors.

Global Payments
Malware, Botnets, DDoS

Mobile Physical Social

Attacks
• A term meaning malicious software that includes viruses,
trojans, etc.
• Can be spread throughout systems and networks
• Advanced malware is able to extensively damage a
company's systems and infrastructure.

Malware
• "Bot" is short for robot.
• Botnets are able to infect computers and cause them to
perform tasks without detection.
• Criminals gain extensive use of a computer in a network
• Can be used to spam, spread even more viruses, and
attack computers and servers

Botnets
• Distributed denial of service
• Prevents a targeted user from using a specific system.
• One method is to flood the system with mass messages to
force the system to shut down.
• Typically, a hacker attacks one system and then
communicates with others to attack and flood systems.

DDoS
• As mobile devices become more popular, a higher
number of security threats becomes prominent.
• Malware is shown to target several major smartphone
operating systems
• Attacks against physical infrastructure have become a
possibility with advanced viruses able to attack building
operations like energy.
• Social media has also become extremely popular causing
unsuspecting users to accidentally retrieve a virus from
social networking

Targets
Phishing, Hacking, Identity Theft, Human Error
Theft
• Users are susceptible to phishing scams.
• Thieves pretend to be someone the user knows within
a company, and the user unknowingly provides sensitive
information to the thief.
• One of the biggest issues in banking today.
• Passwords, data, information can be mistakenly sent out.

Phishing
• Prominent issue because of the ability and ease of
learning technologies today.
• Hacker groups have become more popular than ever and
there’s no telling who they will target next.
• Major banks have already been hacked including Citi and
Bank of America where customer information was stolen.

Hacking
• It has become easy for society to unintentionally target
themselves and become a victim.
• People need several devices like a smartphone, laptop,
tablet.
• What happens when someone leaves their tablet in a taxi
or train?

Human Error
Next
Generation Digital Signatures
Technologies
More Power
Firewall
Biometrics
Cloud Convergence

Solutions
• With all the new technological threats coming, the
banking industry needs to stop looking at security as
“insurance” and advance their security to protect
customers and themselves

Conclusion
