Banks in the region are realizing the importance of online transaction security but not many have taken steps to address this, according to a new study.
ReadiMinds, which released the survey results, said in a statement Thursday that over 25 percent of banks in Asia have been targets of phishing attempts in the past year. Headquartered in Singapore, ReadiMinds provides security software targeted at financial institutions.
Conducted this month, the survey covered banking institutions in Bangladesh, Cambodia Hong Kong, Indonesia, Malaysia, the Philippines, Singapore, Sri Lanka, Taiwan, Thailand and Vietnam. ReadiMinds did not disclose to ZDNet Asia the number of respondents.
Some 20 percent of banks in the region have implemented stronger online security--in the form of two-factor authentication (2FA)--and the trend is growing, said ReadiMinds. Software-based 2FA is becoming the preferred mode of second-factor authentication, over hardware tokens.
In addition, only 20 percent of financial institutions surveyed had a formal plan to heighten customer awareness against online fraud and identity theft.
Adopting a risk-based approach
A ReadiMinds spokesperson told ZDNet Asia in an e-mail Thursday that most banks have currently not adopted a risk-based approach toward online transactional security. For example, the systems do not factor in the country from which the customer is making a transaction, or the transaction amount.
"They (the systems) follow the same process irrespective of whether you are undertaking the banking transaction from Singapore or Nigeria, or whether you are transferring $200 or $1,000," the spokesperson said.
Applying risk-based transaction authorization, fraud detection and strong user authentication are key to a holistic approach to transaction security, said ReadiMinds.
According to the survey, over 30 percent of banks that have recently implemented stronger online security had adopted a risk-based approach.
Play video
Data theft, breach, online security
There is something that is helping a lot of people, judging by the business blogs I've been reading. It's a defined eCulture called 'The Business-Technology Weave' - it helps to influence employee behavior and morale. The book I.T. Wars: Managing the Business-Technology Weave in the New Millennium is the leading voice, and concentrates on the solution--it helps to influence employee behaviour as regards security, use and integrity of data--as well as protection of hard assets (such as laptops).
The book I.T. Wars is the leading voice, and concentrates on the solution – a proactive treatment and training of people, and reinforcements to their corresponding security awareness. I'd love to see a feature that includes this author's viewpoints - this is relevant: www.businessforum.com/DScott_02.html . Some good stuff here too: www.david-scott.net . We use his book at work - stupid mistakes like deleted and misplaced data have dropped tremendously. Our CEO even requires our vendors to read it.
Posted by John Franks on Friday, June 27 2008 09:12 PM