– Bank accounts at majority of banks in Britain and Ireland are vulnerable to hacking says Financial Times
- Two-step authentication process used by most banks is inadequate
- Vulnerabilities identified similar to those that were used by hackers to steal up to $1 billion across Eastern Europe
- UK regulator says bank customers must be reimbursed, banks are responsible for security
- Highlights risks to deposits and systemic risk should such vulnerabilities be exploited in cyber-warfare or indeed for monetary gain
The vulnerability of banks and the global banking system – reliant as it has become on computer systems, information technology and the internet – was highlighted yet again in an important article in the Financial Times on Tuesday which was largely ignored elsewhere.
The FT reports that it has come into possession of documents and correspondence between the Financial Conduct Authority (FCA) and a cyber security firm, Bronzeye that identify “serious security issues” at British high street banks.
“Britain’s markets watchdog, the Financial Conduct Authority, was warned last July about a loophole in the cyber security of one of Britain’s biggest banks that could give hackers unfettered access to customer accounts,” reports the FT.
Bronzeye identified a weakness in the two-step authentication process used by most banks and reported it to the FCA in July of last year. It is apparently similar to the flaw that allowed hackers to raid up to $1 billion from around 100 banks, predominantly in Eastern Europe.
Bronzeye identified one “large British bank”, the name of which was redacted in the documents, that had “22 critical vulnerabilities”. One of these flaws could “stop the bank in it’s tracks”, according to the firm.
Oddly, the bank refused to work with Bronzeye to fix the problem.
On the surface it would appear that banks customers need not concern themselves with these developments. The FCA has made it clear that banks must absorb the costs of raids on customers accounts by hackers.
“We are focused on ensuring the right outcomes based on our three operational objectives. We expect firms to provide redress for consumers impacted by cyber crime, consumers should not lose out as a result of cyber crime. Management and oversight of the systemic cyber risks lie with the Bank of England and Prudential Regulation Authority supervision,” they said.
While this is encouraging we believe that this story again exposes systemic risks to the banking system. If the accounts of a number of banks were targeted en masse in a coordinated act of cyber-warfare or cyber-terrorism it could severely impact and even disable individual banks and their deposit accounts and indeed the entire western banking system through contagion.
We have covered previously how governments across the world have been infecting the systems of their rivals with malware. Although generally they have not exploited the breaches to date.
It is likely that groups and governments hostile to the West have also identified such simple vulnerabilities in the western banking system but decided it was not in their interest to exploit them … yet.
Recently we pointed out how an international hacking group stole $300 million from bank accounts and how the global digital banking system is not secure . We also pointed out how cyber war poses risk of bail-ins to banks and deposits.
We are not suggesting that readers should dash out and empty their bank accounts. We are simply identifying risks to the system of which people should be aware and that they take reasonable precautions including diversification of deposits and diversification from deposits.
Having all your eggs in a deposit account is no longer prudent.
Academic and independent research and indeed the modern and historical record shows how physical gold is the safest asset-class in the world. An allocation of some of one’s portfolio to physical gold is insurance against technological and systemic risks posed to all virtual wealth today – whether that be digital bitcoin or electronic currencies in deposit accounts.
These risks have never been seen before and yet are largely unappreciated and ignored by brokers, financial advisors and bankers.
Comments
Post a Comment