DUBAI - The incidents like the recent credit card scam that had sent shock waves among millions of bank customers in the region are likely to be on the ascend in the near future, warn the IT experts Tarek Kuzban and Costin Raiv.
Tarek Kuzbani is the Managing Director (Middle East) of Kaspersky Lab which is a Russian IT major while the firm’s chief security expert Costin Raiv. The firm has just released Arabic edition of new anti-virus and Internet security products in the Middle East.
“We believe what we have witnessed recently is probably just the tip of the iceberg. According to our global information, the credit card fraud is on the increase following the general trend of growth that we have seen for cyber crime during the past 4 years. Its impact will be especially devastating in countries where the general security awareness is not high,” Tarek Kuzban and Costin Raiv told Khaleej Times at the region’s mega IT show, Gitex.
“Our global experiences with similar incidents indicate that all the frauds of major proportions seem to be caused by an attack directed at the bank, and not any customer in particular. During attacks that happened in other countries, the cybercriminals got access to the bank’s systems and managed to copy a portion of their cards database, which they later sold in the black market,” they disclosed.
According to them, both the banks and the customers are relatively unprepared for this type of attacks. Customers can easily deflect such attacks through the use of personal security software (such as Kaspersky Internet Security 2009). Banks on the other side need to ensure that the systems connected to the Internet don’t have direct access to the bank’s private financial information, security software such as Intrusion Prevention Systems (IPS) and good patch management. Especially the last point (patch management), since this was used as an entry vector in some of the recent attacks against banking institutions.
Customers must be very careful while they use their cards on the Internet and in handling access information for online banking systems. Most of the recent Trojans are designed to include components which constantly monitor the Internet activity, scanning for things such as credit card numbers, logins and passwords, which are sent in real time to the attackers. It is also important to have a good security suite installed on their computers at work and home, as well as having the latest patches not just for Windows but for all the software installed in the system.
All banks must re-evaluate the threat of cybercrime and take the necessary steps, such as deploying stronger encryption systems for online banking, in order to avoid an even bigger growth in the number of incidents. According to them the banks are generally well versed into handling card fraud, even that of high proportions.
“We believe that in general, the level of information put forward by the bank to its customers that have become victims of the attack is a bit low. On long term, I believe this is probably going to hurt the bank’s business because customers begin to lose trust in the bank, especially if such incidents will recur.” “For example, when the first phishing attacks started to appear in other countries, the banks were simply ignoring them and just refunding the customers in an attempt to avoid bad publicity. After the problem became bigger, the banks have started warning the customers about it which resulted in less phishing attacks as customers became security aware, without any bad publicity for the bank.”
By T. Ramavarman