For the average consumer, hopping online to shop is as commonplace as physically going to the mall. No one thinks for a moment about how relatively unsafe it is to conduct business on the web. But in spite of our years-long dependence on the web for commerce, it’s still astonishingly easy for cybercriminals to hack web-based transactions.
The reason? Web browsers. The fundamental insecurity of web browsers is arguably the weakest link in cyber security today.
As discussed in a previous blog, the European Banking Authority (EBA) has released the final draft of its technical guidance for PSD2. Articles 4 and 25 of said guidance include mandates for the security of the customer authentication process.
One of the key elements of the authentication mandate is the requirement to use advanced security technology to safeguard all client-to-server communications against interception. In other words, to protect against MitM (Man-in-the-Middle) attacks.
The impact of global cybercrime is shocking: 38.5% of firms have experienced a cyberattack in the past 12 months and 21% of cyberattacks result in costs exceeding €5M. Financial services is arguably the industry most targeted by hackers. As such, these numbers will likely skyrocket as the industry undergoes disruption.
Sci-fi often portrays artificial intelligence (AI) like this: a computer watches people for a while, blinks darkly and decides the solution to the world’s problems is to kill off the human race. Thankfully we are far away from that. But what AI is capable of today is simulating a specific human brain function – such as pattern recognition. And that’s very exciting for security.
AI makes security practical in the open world
The world is now open, causing disruption in many industries and changing the demands on security.
Browser security isn’t a new problem. Apple, Google, Microsoft and Mozilla have put a huge amount of effort into enabling consumers to have a secure browsing experience. But who’s thinking about the web site operators and their secure browsing experience?
Internet trust is dependent on certification authorities, with TLS/SSL being the most commonly used technology for securing electronic commerce transactions online. It’s all about enabling the consumer to access web services and be reasonably confident they know who they are talking to.
We naturally assume banks are safe. But why? Since the days of legendary bank robbers like Jesse James or Bonnie & Clyde, banks have always been a target. Today’s bank robbers are cybercriminals. And they are targeting not only the banks but also consumers.
Every couple of months cyber-attacks on banks make the headlines. Be it the Carbanak cybergang’s biggest ever online bank heist, a distributed denial of service attack on RBS/NatWest or a Polish bank being held to ransom