SMEs: Internet Banking
Maxim Solntsev, SDM-BANK CEO.
There is a common belief that the Internet is full of fraudsters and hackers waiting for the right moment to steal your money. Catching the criminals is quite hard; preventing this kind of break-in from happening is certainly easier.
Big companies pour big money into Internet security systems, but what can a small company with no IT professionals on staff and no means to afford high-priced software do to secure itself when operating on-line?
— One of the major risks small enterprises bear is the human factor. As a matter of fact, the majority of these companies end up dealing with “phishers” simply because their personnel are not careful enough.
— Oftentimes, accountants in these companies work from home and use unsecured networks. Their home computer may hold the books of a number of different companies, and sometimes there is a risk of simply mixing payments up. To cope with that, the manager can simply not grant anyone else the right of digital signature, and keep the creation and the acceptance of billing documents separate from each other. That way an accountant initiates payment orders and sends them to the bank on-line, and then the manager puts their signature on them.
— Managers in small companies often keep digital signature keys and account passwords in some easily accessible place, which increases the risk of a breach. The keys used to accept payment orders, as well as all personal data (such as logins, passwords, codes, card numbers and CVV codes), must be stored by the manager or authorized personnel in a well-secured place.
— These days many banks offer their customers the E-token Pass service. Even if an intruder manages to acquire an on-line banking access key and a password, they can’t get into the system without the E-token Pass device. This device generates a unique one-time password that is valid for a limited period of time. The device looks like a keyless-entry fob with a button: when the button is pushed, the device generates the password, which appears on a small display. The password is then used to access the on-line banking system, and its short validity makes access impossible for third parties.
— The second-biggest risk of falling victim to an intruder over the Internet is related to a lack of connection security. Oftentimes, computers used for on-line operations have no firewall or an out-of-date antivirus system, and may use shared WiFi networks.
— Any computer used for on-line bank operations must have an up-to-date security system, and the antivirus on that computer must be updated in a timely manner. It must also have no connection to local networks, and all access to social networks or entertainment web sites must be strictly prohibited. That helps to protect the accounting books from Trojans. Such a virus penetrates the computer through the Internet and starts intercepting all the data and information entered. If not careful, the user himself may end up giving the intruder all the keys and passwords, and the rest is paperwork.
— Many companies see the phishing-protection services that banks offer as useless, and there they are wrong. A service such as SMS transaction notification helps a manager to track down unapproved transactions. Setting withdrawal limits also helps to stave off theft: if a limit is exceeded, the manager receives either an email/SMS notification or a call from the bank to confirm the transaction. Besides, if the bank finds some transaction suspicious, the manager is informed right away and asked for further instructions.
— It would also be useful to check the account on a regular basis – this does not take much time, and helps to keep it under decent control.
The rapid development of on-line banking is driving tremendous growth in the number of phishers in this area: over the last year alone their number has doubled. According to ESET antivirus specialists, 95% of all Trojan viruses in Russia are aimed at bank accounts. A major portion of the 2.5bn RUR of criminal money in 2010 came from virus-infected financial operations software.
The volumes look disastrous, but it is not all that bad. Indeed, on-line banking does not guarantee 100% security, but neither do cash operations. IT security specialists note that on-line banking systems can successfully deal with hackers, and that money stolen from an account is nearly always the result of the client’s lack of attention and neglect of simple security rules when operating on-line. Regular communication with the bank and adherence to some simple rules will help to avoid financial losses.