TechCentralTechCentral
    Facebook Twitter YouTube LinkedIn
    Facebook Twitter LinkedIn YouTube
    TechCentralTechCentral
    NEWSLETTER
    • News

      Load shedding returns, and may last until Thursday

      16 August 2022

      Jo’burg to issue RFP for 500MW of electricity ‘within weeks’

      16 August 2022

      MTN hires outgoing Icasa CEO Willington Ngwepe into top role

      16 August 2022

      Rain in embarrassing climbdown over Telkom statement

      16 August 2022

      Coal miner Seriti plans R12-billion Mpumalanga wind farm

      16 August 2022
    • World

      Semiconductor boom turns to bust

      16 August 2022

      Tencent plans to offload R400-billion Meituan stake: sources

      16 August 2022

      Ether leaps higher on verge of Merge

      16 August 2022

      Institutions eye crypto but retail investors remain nervous

      15 August 2022

      Tencent woes mount, even after $560-billion selloff

      12 August 2022
    • In-depth

      African unicorn Flutterwave battles fires on multiple fronts

      11 August 2022

      The length of Earth’s days has been increasing – and no one knows why

      7 August 2022

      As Facebook fades, the Mad Men of advertising stage a comeback

      2 August 2022

      Crypto breaks the rules. That’s the point

      27 July 2022

      E-mail scams are getting chillingly personal

      17 July 2022
    • Podcasts

      Qush on infosec: why prevention is always better than cure

      11 August 2022

      e4’s Adri Führi on encouraging more women into tech careers

      10 August 2022

      How South Africa can woo more women into tech

      4 August 2022

      Book and check-in via WhatsApp? FlySafair is on it

      28 July 2022

      Interview: Why Dell’s next-gen PowerEdge servers change the game

      28 July 2022
    • Opinion

      No reason South Africa should have a shortage of electricity: Ramaphosa

      11 July 2022

      Ntshavheni’s bias against the private sector

      8 July 2022

      South Africa can no longer rely on Eskom alone

      4 July 2022

      Has South Africa’s advertising industry lost its way?

      21 June 2022

      Rob Lith: What Icasa’s spectrum auction means for SA companies

      13 June 2022
    • Company Hubs
      • 1-grid
      • Africa Data Centres
      • Altron Document Solutions
      • Amplitude
      • Atvance Intellect
      • Axiz
      • BOATech
      • CallMiner
      • Digital Generation
      • E4
      • ESET
      • Euphoria Telecom
      • IBM
      • Kyocera Document Solutions
      • Microsoft
      • Nutanix
      • One Trust
      • Pinnacle
      • Skybox Security
      • SkyWire
      • Tarsus on Demand
      • Videri Digital
      • Zendesk
    • Sections
      • Banking
      • Broadcasting and Media
      • Cloud computing
      • Consumer electronics
      • Cryptocurrencies
      • Education and skills
      • Energy
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Motoring and transport
      • Public sector
      • Science
      • Social media
      • Talent and leadership
      • Telecoms
    • Advertise
    TechCentralTechCentral
    Home»Opinion»Are banks doing enough to secure your data?

    Are banks doing enough to secure your data?

    Opinion By Schalk Nolte18 April 2016
    Facebook Twitter LinkedIn WhatsApp Telegram Email

    schalk-nolte-180Despite some consolidation in the African banking market, most of the banks we speak to remain confident about future opportunities on the continent. However, we have noticed security steadily making its way towards the top of the agenda for bank executives, and rightly so.

    Africa’s relative lack of infrastructure is both a blessing and a curse for banks. While access to traditional services is still a challenge, innovation in technology can offer big opportunities. Mobile has become the de facto means of banking in many parts of Africa and, as mobile penetration — particularly smartphone penetration — increases, this is allowing banks to connect with more of the population than ever before, and to do so in a more targeted, personal way.

    A study looking at trends in banking in sub-Saharan Africa, released in June 2015 by the European Investment Bank, noted that the region leads the world in mobile money accounts. Although only 2% of adults worldwide have a mobile money account, in sub-Saharan Africa, the figure is 12%. Although the base is still low, financial inclusion through mobile is growing fast.

    While this is encouraging for the continent and the banks involved, banking CEOs are increasingly concerned about systemic risk and, more importantly, about the growing risk of cybercrime.

    The Kenyan government alone is losing KSh5bn (R725m) yearly on cybercrime and the number is expected to grow. In fact, in March last year, 79% of African banking executives surveyed by PwC saw cyber risks as an inhibitor to growth.

    This is not surprising. Globally, security is too often seen as a grudge purchase, and is brought in as a last resort and, even worse, often after a critical breach has already taken place. This can cause serious reputational damage to the banking and payments ecosystems.

    Complacency around the security technology employed to authenticate a customer in particular is still rife. Despite all the international best practice, many banks still seem comfortable with using one-time password (OTP) technology as their primary means of authenticating their customers. Technology, one must add, that is already decades old.

    Back in 2012, Australian mobile operators warned their local banks that SMS was not secure and urged them to re-look at how they protect their customers. At the time, Communications Alliance CEO John Stanton said it plainly: “SMS is not designed to be a secure communications channel and should not be used by banks for electronic funds transfer authentication.”

    This is not the end of the challenge. Many banks have shifted to two-factor authentication (where users have a password and make use of a token or phone as the second factor), but Gartner warned back in 2009 that any two-factor authentication relying on a browser can be beaten. The company went on to suggest banks make use of a fraud prevention approach that uses stronger authentication, fraud detection and out-of-band transaction verification.

    Over the years, there has been a marked rise in man-in-the-middle attacks and these are receiving particular attention from African security analysts. These are best described as attacks criminals designed to secretly intercept and possibly tamper with messages between two parties who believe they are communicating only with one another. Many unsuspecting banking clients have become victims of phishing attacks through clicking e-mail links, downloading fake or altered mobile apps or through the use of unsecured public Wi-Fi connections.

    cybercrime-640

    This is a real challenge for banks. They do work to educate their clients on safer browsing habits, but this is simply not enough. Banks must take responsibility for securing financial or personal data. The same is, of course, true for all organisations that hold sensitive information. Regulations around this are growing incredibly onerous and, if companies can’t guarantee they are protecting the consumer, they will be subject to very hefty penalties.

    Not only a compliance challenge

    If banks want to improve their bottom line, they must own the channel through which they communicate with their clients. This channel is the proverbial goose that lays the golden egg. In a downturn economy especially, financial institutions are developing and rolling out incredibly innovative new products. This is all pointless, however, if the end user — the client — doesn’t trust your technology enough to complete a transaction.

    Criminals are constantly evolving and refining the ways they access data and funds. If banks want to ensure they can leverage the mobile channel for increased profits, they cannot afford to be complacent about security. Criminals are thinking three steps ahead. Shouldn’t our banks be doing the same for their clients?

    • Schalk Nolte is CEO of Entersekt
    Entersekt Schalk Nolte
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email
    Previous ArticleLet them eat cake (but not broadband)
    Next Article Inside Africa’s electricity crisis

    Related Posts

    No reason South Africa should have a shortage of electricity: Ramaphosa

    11 July 2022

    Ntshavheni’s bias against the private sector

    8 July 2022

    South Africa can no longer rely on Eskom alone

    4 July 2022
    Add A Comment

    Comments are closed.

    Promoted

    HPE SimpliVity: addressing SMBs’ data conundrums

    16 August 2022

    Digital transformation – don’t get caught unprepared

    16 August 2022

    Seven reasons your business needs IP surveillance cameras

    15 August 2022
    Opinion

    No reason South Africa should have a shortage of electricity: Ramaphosa

    11 July 2022

    Ntshavheni’s bias against the private sector

    8 July 2022

    South Africa can no longer rely on Eskom alone

    4 July 2022

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2022 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.