Security Considerations and Mitigation Measures in Banks

As banking has become highly dependent on technology, protecting data, funds, and systems from various threats has become a top priority. This topic covers the types of security risks banks face and the measures they take to prevent them.


Types of Security Threats

Security threats in banking can be broadly categorised into three main types.

1. Physical Security Threats

  • What they are: Threats to the physical premises of the bank, its data centers, and ATMs.
  • Examples:
    • Theft of computer hardware.
    • Fire, flood, or other natural disasters.
    • Vandalism of ATMs.
  • Mitigation Measures:
    • CCTV surveillance in branches and at ATM sites.
    • Access control systems (like biometric or card-based entry) for sensitive areas like server rooms.
    • Fire suppression systems and other environmental controls in data centers.

2. Internal Security Threats

Threats that originate from within the bank, from its own employees (either intentionally or unintentionally).

  • Examples:
    • An employee committing fraud.
    • An employee sharing a customer’s confidential data.
    • An employee unknowingly clicking on a malicious link that infects the bank’s network.
  • Mitigation Measures:
    • Maker-Checker (Four-Eyes Principle): A critical control where one person (the maker) initiates a transaction and a second, independent person (the checker, in practice usually a more senior officer) reviews and authorises it. No single employee can both create and release a payment.
    • Principle of Least Privilege: Employees are given access only to the systems and data that are absolutely necessary for their job.
    • Regular training on security policies and procedures.
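The Maker-Checker and Least Privilege controls above can be enforced in software rather than left to procedure. The following is an added example, not code from the page or from any bank: a small Python workflow in which the initiator of a payment can never authorise it, and each step checks the acting user’s role. The user names, role table, payment references and amounts are constructed for illustration.

```python
"""Maker-Checker (four-eyes) enforcement for a payment instruction.

Added example, not code from the page: a small workflow in which the user
who initiates a payment can never be the one who authorises it, and each
step is restricted to users holding the right role (least privilege).
User names, roles and amounts below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, Optional


class ControlViolation(Exception):
    """Raised when a maker-checker or least-privilege rule would be broken."""


# Hypothetical role table (least privilege): only these users may act on payments.
ROLES = {
    "alice": {"maker"},             # can initiate, cannot authorise
    "bob": {"checker"},             # can authorise, cannot initiate
    "carol": {"maker", "checker"},  # may do either, but never both on one item
    "dave": set(),                  # no payment privileges at all
}


@dataclass
class PaymentInstruction:
    ref: str
    amount: float
    beneficiary: str
    maker: str
    checker: Optional[str] = None
    status: str = "PENDING"           # PENDING -> AUTHORISED | REJECTED
    audit: list = field(default_factory=list)


def _require_role(user: str, role: str) -> None:
    if role not in ROLES.get(user, set()):
        raise ControlViolation(f"{user} does not hold the '{role}' role")


def initiate(user: str, ref: str, amount: float, beneficiary: str) -> PaymentInstruction:
    """Maker step: create the instruction; it cannot move funds by itself."""
    _require_role(user, "maker")
    if amount <= 0:
        raise ValueError("amount must be positive")
    p = PaymentInstruction(ref=ref, amount=amount, beneficiary=beneficiary, maker=user)
    p.audit.append(("INITIATED", user))
    return p


def authorise(user: str, p: PaymentInstruction) -> PaymentInstruction:
    """Checker step: a different, privileged user releases the instruction."""
    if p.status != "PENDING":
        raise ControlViolation(f"{p.ref} is already {p.status}")
    _require_role(user, "checker")
    if user == p.maker:
        # The four-eyes rule itself: the maker may never be the checker,
        # even if (like carol) they hold both roles.
        raise ControlViolation(f"{user} initiated {p.ref} and cannot also authorise it")
    p.checker, p.status = user, "AUTHORISED"
    p.audit.append(("AUTHORISED", user))
    return p


def reject(user: str, p: PaymentInstruction, reason: str) -> PaymentInstruction:
    """Checker step: send the instruction back instead of releasing it."""
    if p.status != "PENDING":
        raise ControlViolation(f"{p.ref} is already {p.status}")
    _require_role(user, "checker")
    p.status = "REJECTED"
    p.audit.append(("REJECTED", user, reason))
    return p


def violates(action: Callable, *args) -> bool:
    """True if the action is blocked by a control (used in the demo and tests)."""
    try:
        action(*args)
        return False
    except ControlViolation:
        return True


if __name__ == "__main__":
    p = initiate("alice", "PAY-001", 25000.0, "ACME Supplies")
    print(violates(authorise, "alice", p))   # True: maker cannot self-approve
    print(violates(authorise, "dave", p))    # True: no checker role
    print(authorise("bob", p).status)        # AUTHORISED
    print(p.audit)
```

The check that matters is the `user == p.maker` comparison in `authorise`: a user who holds both roles (carol) can initiate one payment and authorise another, but never both on the same instruction. In a real core banking system the same rule is enforced on the server, and the audit trail goes to tamper-evident storage rather than an in-memory list.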

3. Cyber Security Threats (External Threats)

  • What they are: Attacks on the bank’s IT systems and network from outside, using the internet. This is the most significant area of risk today.
  • Common Types of Cyber Attacks and Their Mitigation:
    • Phishing
      • What it is: Fraudulent emails, SMS messages, or websites designed to trick customers into revealing their passwords, PINs, or OTPs.
      • Mitigation Measure: Customer education and Two-Factor Authentication (2FA). Note that an OTP typed into a fake site is captured just like a password, so 2FA raises the bar but does not stop a phishing site that relays the OTP to the bank in real time.
    • Malware/Ransomware
      • What it is: Malicious software that can steal data or lock up (encrypt) the bank’s systems until a ransom is paid.
      • Mitigation Measure: Anti-virus software, regular software updates (patching), employee training, and tested offline backups so systems can be restored without paying.
    • Denial-of-Service (DoS) Attack
      • What it is: An attack that floods the bank’s website or servers with so much traffic that they become unavailable to legitimate users; when the traffic comes from many machines at once it is a Distributed DoS (DDoS).
      • Mitigation Measure: Firewalls and specialized DoS protection (traffic-scrubbing) services; a firewall alone cannot absorb a large volumetric flood.


Key Security Technologies and Roles

  • Firewall: A network security device that acts as a gatekeeper. It monitors and filters incoming and outgoing traffic, blocking unauthorized access to the bank’s internal network.
  • Encryption: The process of transforming data with a key so that it is unreadable to anyone who does not hold that key. When you use internet banking, the connection between your browser and the bank’s server is encrypted with TLS (the HTTPS padlock), so passwords and account data cannot be read or altered in transit. Banks also encrypt sensitive data at rest, such as card numbers in databases and on backup media.
  • Two-Factor Authentication (2FA): A security process where a user must provide two different authentication factors to verify their identity.
    • Example: When you log in to net banking, you enter your password (something you know, the first factor) and then an OTP sent to your phone (something you have, the second factor). An OTP delivered by SMS is the weakest form of second factor, since SIM-swap fraud and phishing can capture it; authenticator apps and hardware tokens resist those attacks better.
  • Chief Information Security Officer (CISO): A senior-level executive within the bank who is responsible for the overall information security of the organization.
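The OTP in the 2FA example above also has to be handled correctly on the bank’s side. The following is an added example, not the page’s or any bank’s code, showing the properties a delivered OTP needs on the server: random, short-lived, single-use, limited in guesses, and compared in constant time. The user name, code length, lifetime and attempt limit are assumptions, and delivery of the code to the phone is left out.

```python
"""Bank-side handling of a delivered one-time password (OTP).

Added example, not code from the page. It shows the properties the second
factor in a net-banking login needs on the server: a random code, a short
lifetime, single use, a bounded number of guesses, and a constant-time
comparison. Sending the code to the phone is out of scope; issue() just
returns it. Digit count, lifetime and attempt limit are assumed values.
"""
import hashlib
import hmac
import secrets
import time

OTP_DIGITS = 6          # assumed: 6-digit numeric code
OTP_TTL_SECONDS = 120   # assumed: code is valid for two minutes
MAX_ATTEMPTS = 3        # assumed: three wrong guesses burn the code

# Per-process secret so stored digests cannot be brute-forced offline from a
# leaked table (a 6-digit code alone has only a million possibilities).
_SERVER_KEY = secrets.token_bytes(32)


def _digest(user: str, code: str) -> bytes:
    return hmac.new(_SERVER_KEY, f"{user}:{code}".encode(), hashlib.sha256).digest()


class OtpStore:
    """Tracks at most one outstanding OTP per user."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable so expiry can be exercised in tests
        self._pending = {}           # user -> {"digest", "expires", "attempts"}

    def issue(self, user: str) -> str:
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[user] = {
            "digest": _digest(user, code),       # plaintext code is never stored
            "expires": self._clock() + OTP_TTL_SECONDS,
            "attempts": 0,
        }
        return code  # hand to the SMS/app gateway; never write it to a log

    def verify(self, user: str, code: str) -> str:
        """Return one of OK, WRONG, EXPIRED, LOCKED or NO_OTP."""
        rec = self._pending.get(user)
        if rec is None:
            return "NO_OTP"
        if self._clock() > rec["expires"]:
            del self._pending[user]
            return "EXPIRED"
        rec["attempts"] += 1
        if rec["attempts"] > MAX_ATTEMPTS:
            del self._pending[user]  # force a fresh OTP after too many guesses
            return "LOCKED"
        if hmac.compare_digest(rec["digest"], _digest(user, code)):
            del self._pending[user]  # single use: replaying the code later fails
            return "OK"
        return "WRONG"


class ManualClock:
    """Controllable clock for demos and tests."""

    def __init__(self, start: float = 1_700_000_000.0):
        self.t = start

    def now(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


if __name__ == "__main__":
    clock = ManualClock()
    store = OtpStore(clock=clock.now)
    code = store.issue("customer42")
    print(store.verify("customer42", code))   # OK
    print(store.verify("customer42", code))   # NO_OTP (already used)
    code = store.issue("customer42")
    clock.advance(OTP_TTL_SECONDS + 1)
    print(store.verify("customer42", code))   # EXPIRED
```

Single use and a short lifetime stop an OTP that leaks afterwards from being replayed, and the attempt limit stops guessing a six-digit code online. They do not help if a phishing site relays the code to the bank while it is still valid, which is why customer education stays part of the phishing mitigation alongside 2FA.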

Summary

Bank security is a multi-layered concept that includes protecting physical assets, managing internal threats from employees, and defending against external cyber attacks. The most critical operational control within a bank is the Maker-Checker principle. To combat cyber threats, banks use a combination of technologies like firewalls, encryption, and Two-Factor Authentication (2FA). Given the increasing sophistication of cybercrime, banks must constantly update their security measures and educate both their employees and customers to protect sensitive financial data.

Quick Revision Points

  • Three Threat Types: Physical, Internal, and Cyber.
  • Maker-Checker: The Four-Eyes Principle to prevent internal fraud and errors.
  • Phishing: Tricking users into revealing credentials. Mitigation is 2FA and customer education.
  • Firewall: The gatekeeper of the network.
  • Encryption: Scrambling data to keep it secret.
  • 2FA: Two factors of authentication (e.g., Password + OTP).
  • CISO: The head of information security in a bank.