Banks And Other Organizations Are Susceptible

As we perform our daily rituals, we want to believe the institutions we do business with are foolproof, very dependable, reliable, and very steadfast in what they do. We refuse to believe that at any time they can become very fallible in the processes and procedures they provide us. Unfortunately, the truth is they suffer the same failures as we do, and many times we, the general public do not hear about it. Or if we do, it is many months later.

Recently one of Singapore's largest banks experienced a major information technology outage resulting in its computer system being down for approximately seven hours. The DBS Bank computer systems went off-line, as customers did not have the ability to withdraw from their bank accounts from ATM machines the following Monday morning. A spokesperson for the bank, Jenny Lee, responded in an e-mail, “We were first aware of the situation at 3:00 AM Singapore time and by 10:00 AM all our branches and ATMs were fully online. There is a full investigation into the reason of the problem.”

The downtime affected the DBS Bank commercial and consumer banking systems while at the same time no data was lost while the system failed. As the DBS Bank branches open at 8:30 AM on Monday, the DBS banks were able to accept personal checks that were made out to cash out to a dollar amount equaling $500 in Singapore or the equivalent of $359 in US dollars. DBS Bank customers also had the ability to withdraw cash over the counter as bank branches remained open until 6:30 PM that day.

At that point in time the DBS Bank did not know what had caused the outage but they were accepting assistance from IBM, who executes some of the bank's information technology operations through an outsourced contract. The managing director and head of group technology and operations at DBS Bank provided a statement, “The bank contains many levels of redundant areas, protecting against occurrences such as this, as this is the very first time something like this nature has happened.”

The DBS Bank started a ten year outsourcing partnership with IBM with a Singapore value of 1.2 billion dollars in November of 2002. This partnership also included the transfer of five hundred DBS Bank information technology staff who were located in Singapore and Hong Kong to IBM. Through the agreement, IBM provides integrated around the clock customer help desk support, and manages many of DBS current software solutions, while providing systems management for the bank.” The deal also involved IBM building new information technology facilities in Singapore and Hong Kong utilizing “cutting edge computer technologies assisting the processing, security, and backup capabilities of the DBS Bank IT center.” The DBS Bank still had direct control over many primary IT functions such as their IT strategy and architecture, their security, and various strategic projects.

Alvin Lai, a spokesman for IBM said, “IBM worked in hand with DBS to bring back disrupted bank services the next day. IBM is strongly committed to assisting DBS on a full scale investigation.” Because of the DBS Bank outage, the main central Bank of Singapore, the Monetary Authority of Singapore that is the overseer of all financial services had this to say in an e-mail. “Through information technology and operational risk management, banks must promptly investigate the reasons of bank system breakdowns, applying immediate actions to fix system failures and bring back customer services.”

Singapore banks must follow all technology risk management as well as security guidelines that are issued by the Monetary Authority of Singapore that are in place to guarantee a resiliency and robustness of their banking and other financial related computer systems. “The Monetary Authority of Singapore looks at the bank compliance within these requirements, with appropriate supervisory action when needed.”

Banks within the United States are under a different type of pressure as there is a new scam hackers and cyber criminals are using in order to fool banking customers by utilizing the Verified by Visa and MasterCard SecureCode security functionality. When customers commence secure online banking transactions from a computer that has been infected with malware, a malicious Zeus Trojan inserts a fake copy of the credit card security platform into the user's web browser. The user who does not suspect the malicious action is asked to provide their personal information including their credit card number and Social Security number, the expiration date on their credit card and the credit card pin number. The false and imitation security platform also tries to lure users by stating the new Federal Deposit Insurance Corp. now demands that users sign up for MasterCard or Visa services. From this point cyber criminals accept the data that is sent back to them and utilize it to perform ‘card not present’ transactions with merchants who use the Verified by Visa and MasterCard SecureCode services.

As long as cyber criminals pretend to be the actual victim they are able to remain under the radar and avoid being detected. The chief technology officer of Trusteer who is also the leader of the company's research, Amit Klein, stated, “Users should be suspicious when instructed to enter their credit/debit card data while performing online banking. This exploit comes from the Visa and MasterCard online fraud prevention platforms to make the requests seem real.” The Zeus Trojan has been very successful in causing recent security headaches.

CISSP online training provides an added and necessary layer of security by offering certification training in the area of information security. By learning the many areas and issues concerning data security, individuals and organizations across the globe will be better protected and well informed of the many regions of their infrastructure requiring a stronger measure of security. K Alliance is an excellent and proven source of information security certification training.

About Us: Learning Planet with its wide array of computer based training videos are an excellent choice for companies seeking to keep their workforce trained in the latest software platform revisions and up to date. Unlimited online training provides organizations with entire technical training libraries installed on their intranet. With access to libraries twenty four hours a day, all users have the ability to increase their knowledge and abilities in areas of their choice. Learning Planet is your complete technical training resource.