COSMOS BANK FRAUD: WARNING TO BANKERS, REGULATORS AND CARD HOLDERS and Challenge to TECHNICAL EXPERTS

Last week one of the bank in South Asia became target of large scale fraud where thousands of consumers lost money. Some 12000 plus ATM transactions were done by hackers within 133 minutes. Such mass fraud transactions were done in short time across 28 countries. International fraudsters by-passed banking security system, may be through clone ATMs or breaking firewalls or using proxy servers. Its matter of investigation, but it is warning to banks, regulators and users. Technology is constantly required to change for proper security. Technicians and bank executives work for a shift in 5 days a week (minus various kind of leaves and holidays), but fraudsters works for three shift, 365×24, without any leave or holiday.  A secured system get matured once fraudsters become master of the protocols.  They can break technical and human chain responsible for secured transaction. It is a challenge for technical experts to devise a unique unbreakable control system. To make it difficult to hack, technicians should think on storage of data under separate control of bank (or service provider) and user. User’s unique feature can be added to access system like biometric necessary beyond a limit of amount or number of transaction per period or distance. The challenge is complex as additional checks should not result into hardship. The user may be asked to provide usual area of operation of ATMs or internet banking. Therefore, if transaction occurs outside the area defined, system can disallow access or seek additional approval/detail /authenticity.  The fortune of users came to rescue even a bigger loss, as system detected unusual transaction, and this information when passed to bank, they stopped all transaction after 133 minutes.  In time to come, scientist and management expert will find few ways to mitigate fraud till fraudsters get rid of such additional controls! Another food for thought: Cryptography is sound basis for security, but can dynamic password be developed over cryptography? Currently complex password with upper/lower alphabet, number and typical signs in various combination is used. One or some number or alphabet or signs can be changed base on some logic on regular basis, based on day/date/sequence of transaction etc. This mechanism allows separate layer and store of data among different person/place.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s