Surprisingly, These Are Your Bank’s Biggest Security Risks

With the Heartbleed bug starting to generate less noise in the news, an interesting takeaway from the whole incident is the strength of many of the largest banks in the world. It really is impressive to see that the majority of the online banking websites have been left unaffected by the Heartbleed bug. Still, banks are at risk of shocking security threats that have continued to dampen the safety of online banking over the years.


Photo: Slavoljub Pantelic / Shutterstock

Take a look below to get an idea on what these major security risks really are, you may be surprised.

Web App Attacks

Web app attacks make up for more than 25 percent of banking breaches as of last year. This type of attack consists of the attacker using one of many application hacking techniques to modify Web app sessions. The most basic examples are phishing attacks and trick links that contain malware. SQL injections are sometimes used, but they are not as common.

These attacks allow the attacker to obtain your login credentials, which consist of your username and password. What they end up doing with this information will depend on what’s possible and who has access to it.

For example, they may use InstaDebit deposit option at an online poker room to clear out your account. The information may also be used to gain access to other online accounts that you own with the same login credentials. In some cases, an attacker could even go as far as producing a fake debit VISA and then continue to empty your account.

Distributed Denial of Service (DDoS)

The DDoS attack is incredibly common and it affects many websites across the world. As such, it is common for banks to be on the receiving end of DDoS attacks. However, these are not always harmful to the users.

In the past, a DDoS attack was usually small and would just keep a website down for a few moments. They have gotten bigger with time though, as more and more computing power is being directed towards this purpose. In fact, the average strength of a DDoS attack increased by more than 100 percent just from 2011 to 2013.

DDoS attacks are not direct security breaches. However, they always need to be researched. If someone is going to put enough power towards a DDoS attack on a bank’s website, chances are there is a reason for it. One of the more common reasons to use a DDoS attack is to create a decoy – so the bank’s security team would be busy combatting the DDoS attack while a security breach is taking place elsewhere in their server.

ATM Skimmers

Here’s a big one that has been around for a while and that has proven to be very hard to stop.

ATM skimming software allows for an attacker to simply insert the skimming device into the card slot at an ATM or similar payment device. The skimming device is loaded with software that allows the attacker to read the card information.

ATM skimming attacks are a very common threat to banks. In 2013, they made up 22 percent of all attacks, which puts them pretty close to the Web app attack.

Card skimming was once a very manual effort. For instance, you would stick your card into the slot of a bank machine late at night and then you wouldn’t be able to get it out. This could be due to a fake sleeve, tape, etc. The culprit would then snatch your card and use it however they can. It’s a lot more glamorous now – today’s card readers can skim information from every card that goes into them and this has been used effectively at major department stores, where high volumes of credit card information gets processed each day.

The problem with this method of attack is that the vast majority of victims are truly realized as being victims. This means that their bank accounts get drained, their credit lines get drained, and they even end up with new credit lines that are immediately drained. Of course, the attackers try to keep as safe as possible – for instance, they may wait on a very high limit credit card to go through their checkout line and only utilize information from a card each month or so.

How Can You Keep Your Bank Account Safe?

Your bank account and your credit lines are your own responsibility. Banks are doing what they can to implement better security measures into their online banking interface and all their software. However, there’s not a lot that they can really do – stuff like Web app attacks have been around for a while and it will continue to exist for many years.

So all you can do is be as diligent as possible. Make the effort to keep an eye on your credit profile – a credit monitoring service can go a long way to keeping you safe from identity theft. After all, you may be as safe as possible but a transaction from five years ago could still be on file and the other party could have suffered a security breach. It happened at a Michaels craft store and it happened with Target, so it’s not exactly impossible.

The world is evolving with all new technology. This gives new roads for malicious attackers to travel. As even the best security experts are still mastering the latest technologies, it will be a long time before hackers are truly put to an end.

At the very least, you can sleep a little easier knowing that most banking websites and apps are completely safe. It’s not a direct security flaw that makes bank account holders, but rather third party risks.