Corporate customers should pay attention to the following when banking online.
European courts are increasingly holding companies accountable for online banking. If criminals tap into the bank account, account holders often have to pay for the damage themselves. This is something that companies should consider.
A recent study by the German Federal Criminal Police Office calls for increased caution: Cases of computer fraud have increased by 30 percent over the last two years. The total loss recorded due to fraudulent transactions is about 50 million euros. This is at best the tip of the iceberg, as criminologists expect a very high number of unreported cases.
Mistakes are mostly made by Users themselves
The biggest weak point in online banking is often the user himself. Many managers still underestimate the dangers, especially in small and medium-sized companies. They handle payment data all too carelessly and neglect the IT security on their own devices. This can end badly and become expensive: If customers violate their duty of care, they may have to pay for the damage themselves.
Case law is making increasingly strict demands on the behaviour of online banking users. The judges expect users to comply with generally known security measures. In the case of companies, the courts assume an even higher level of knowledge, technology and risk protection than for private individuals.
One of the most popular neobanks for international online businesses at the moment is Revolut, with its business banking solution. Others are N26 and Monzo. Here is some more information from testers of the neobank business accounts:
- Revolut Business Banking tested by GoogByeBanks
- N26 Entrepreneur Account tested by MoneyCheck
- Monzo for Business Use checked by MoneytotheMasses
When are Bank Customers liable?
In principle, banks and savings banks are obliged to reimburse incorrect debits immediately. However, they can retain 150 euros if the customer is partly to blame, or even the entire amount in the case of gross negligence. Where does negligence in online banking begin?
Banks usually regulate this in their terms and conditions for online banking. According to these, users must ensure that their access data and security systems cannot be misused through carelessness. They are obliged to keep their authentication (PIN and TAN) secret and not to pass it on to third parties. Never enter more than one TAN number per transaction. In addition, customers must observe all bank security instructions and report any misuse immediately. Current case law goes one step further.
The courts expect companies in particular to systematically protect their computers from online attacks by means of virus protection software and firewalls. Account holders and their authorised representatives may not enter any access data or TAN numbers outside the online banking system.
How to minimize Risks
The progressive networking of digital devices offers cyber criminals new points of attack. Companies in particular should never underestimate the liability risks. For them, gross negligence is assumed much more readily than for private individuals.
Smartphones are particularly at risk. Here, many managers bundle all their communications, transfer data to online storage devices and in some cases even conduct their banking transactions. Attacks on the home office, where many executives are still busy in the evening or on weekends, are also dangerous. The private computer is not always at the same level of hacker protection as in the company, where IT managers take care of it.
In addition to up-to-date firewalls and anti-virus software, you should therefore always pay attention to secure encryption when using a WLAN. Banking transactions from other computers are also taboo. Last but not least, limits for daily transactions make sense.
If several people have access to online banking, they should be carefully selected and made aware of IT risks.
Ideally, the IT system should log all payment transactions, also in order to better trace possible cases of abuse and their causes.
Mobile Phone Security regarding Smartphone Banking
In 2019, the number of mobile viruses doubled compared with 2018, according to expert research.
Some developers of mobile security solutions envision a scenario in which, to confirm a financial transaction or access an online banking system, the camera of the mobile phone only needs to record the user's facial features. This registration will have to be done by moving the camera, so that the face is detected and impersonation with a simple photograph is avoided. Neobanks are already at the forefront of implementing this new security technology in their user account access systems.
The system created by the company is part of the search for mechanisms that can provide greater security to an ecosystem that is at the mercy of the threats of technology: infection by malicious software, interception of online transactions for the theft of bank information or identity theft, to name a few.
The challenge is, in addition to securing mobile banking payment environments, to create confidence in the user to adopt these new systems enabled by mobile technologies.
In a survey of online banking users we found that 74% of them do not use mobile banking platforms for security reasons. They are people who have already used online channels but don’t make the leap to mobiles because they don’t have the confidence, said Ross Hogan, leader of the Secure Money business at cybersecurity firm Kaspersky Lab.
In 2018, Kaspersky Lab detected around 900,000 new malicious programs for mobile devices, three times more than in 2017, when the number of new mobile banking trojans reached 8,000. Malicious applications that attack banking systems and mobile payments work as follows: after entering the customer’s system and device, the malware superimposes fake pages on the legitimate pages or online payment applications of the bank.
Faced with these threats, the industry faces the dilemma of introducing more complex authentication and security systems, including dynamic biometric models (camera movement or different pressure levels on fingerprint sensors).
Sometimes the user experience is sacrificed, which slows its adoption. This also discriminates against devices that do not have a camera, a fingerprint detector or even the computational capability to process these measurements, said Mr. Gonzalez, general manager of VeriTran.
This firm proposes changing the security paradigm so that the user has greater control over the authorization of transactions. This is done through virtual cards with dynamic numbers (which change with each banking or payment movement) and through QR codes or bar codes that the merchant registers when collecting a payment. Both minimize the risk of theft of bank data and of unrecognized transactions.
What this concept does is change the way security is viewed. Traditionally, it is to secure the communication channel. What we do now, in addition to using secure channels, is to secure the transaction itself. When we choose the means of payment, we will put the amount of the transaction that is ensuring that the payment is at this time, with a maximum time and with an amount that the user has defined, said the manager.
With a traditional means where the credit card is passed, the amount is entered, then signed and the transaction is accepted, but the user loses control of the transaction, he added.
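The idea of securing the transaction itself, with an amount and a maximum time set by the user, can be sketched as follows. This is an added example, not code from the article or from VeriTran: the HMAC construction, the token field layout and the names `issue_token` and `authorize` are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

ISSUER_KEY = secrets.token_bytes(32)  # constructed demo key; a real issuer keeps it in an HSM
_used_nonces = set()                  # issuer-side record of tokens already redeemed


def _mac(payload):
    return hmac.new(ISSUER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(account, max_amount_cents, ttl_seconds, now):
    """Create a one-time token bound to an amount cap and an expiry time.

    The account id must not contain '|', which is the field separator.
    """
    nonce = secrets.token_hex(8)      # makes every token (the "dynamic number") unique
    expires = now + ttl_seconds
    payload = f"{account}|{max_amount_cents}|{expires}|{nonce}"
    return f"{payload}|{_mac(payload)}"   # the string a QR code would carry


def authorize(token, charge_cents, now):
    """Return (approved, reason) for a merchant's charge against a presented token."""
    try:
        account, max_amount, expires, nonce, tag = token.split("|")
        max_amount, expires = int(max_amount), int(expires)
    except ValueError:
        return False, "malformed"
    # Recompute the MAC over the parsed fields: any edit to cap or expiry breaks it.
    expected = _mac(f"{account}|{max_amount}|{expires}|{nonce}")
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False, "bad-signature"
    if charge_cents <= 0:
        return False, "invalid-amount"
    if now > expires:
        return False, "expired"
    if charge_cents > max_amount:
        return False, "over-limit"
    if nonce in _used_nonces:
        return False, "replayed"
    _used_nonces.add(nonce)           # single use: a copied token is worthless afterwards
    return True, "approved"
```

A stolen token of this kind is only usable once, within the time window, and for at most the amount the user chose, which is the contrast with a static card number drawn in the passage above.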
And while Andrea Fiorentino, Visa Europe’s Mobile Markets coordinator, believes that mobile systems are now secure enough to drive mobile systems, both the threats from cyber criminals and the authorities’ attempts to breach devices (such as the FBI’s case against Apple) pose risks to the general user’s confidence in these platforms.