Will Facebook’s digital-currency heighten cyber-attacks on banks?
Facebook, arguably the world’s most popular social media platform, is set to roll out a global currency and financial infrastructure by 2020.
This digital currency targets the world’s unbanked population, many of whom are in developing countries.
The cryptocurrency, named Libra, is set to become the single most remarkable attempt to deepen peer-to-peer currency transactions through blockchain techniques. Libra is envisioned to provide an alternative financial system that will make it possible for people from all walks of life to send and receive money via Facebook’s platforms like Messenger, Calibra (Facebook’s new digital wallet to be launched in 2020), WhatsApp and other standalone apps for a relatively low fee. Facebook is, therefore, leveraging its existing infrastructure through economies of scope to maximise gains from the digital ecosystem.
The company expects that through Libra, remittance transaction costs will fall substantially, to the benefit of both Facebook and users.
However, Facebook must address several hurdles before Libra is fully rolled out, especially since many of the targeted users are not fully technology literate. These hurdles include ensuring adequate protection for users and system resilience to physical and cyber threats.
Blips in the system could raise credibility concerns for Libra and drive down the user base. The consequential impact of breaches in Libra on individual users and, by extension, their respective countries could be catastrophic. Facebook is, therefore, required to improve its reputation, judging from the many breaches the company has witnessed in the past few years. The company must not rest on its oars but should continually push boundaries to guarantee near-“foolproof” security for users.
Other crucial issues needing redress before the roll-out of Libra include clarity over Libra’s governing law, so that the sovereign authority of countries other than the United States is not impugned in any way; protocols to prevent a potential surge in money laundering; and measures to prevent the sale of unapproved and harmful products to unsuspecting customers via the internet. It is anticipated that Facebook is committed to addressing these concerns before 2020, when Libra goes live.
Beyond these immediate concerns that Facebook must address, there are other concerns with Libra’s introduction that Facebook will not be able to address directly and adequately. These include a potential rise in cybercrime, the imposition of domestic taxes on Libra transactions by different countries, and political interference by individual countries.
The concern over a potential rise in cybercrime in the financial sector as a result of Libra’s introduction is the focus of this piece. The concern, regrettably, is real. Libra will increase financial exchange among individuals, many of whom are not cyber-aware. There are clearly significant vulnerabilities in the financial ecosystem of developing countries, on the back of recent significant strides made in deepening financial integration and coverage through mobile money and digital banking. These system vulnerabilities, amplified by weak cyber awareness on the part of users, have become an opening for exploitation by cybercriminals.
Why are banks still important?
Libra will, in one way or another, be cleared through a banking system. The many partners who have already signed on to Libra, including Uber, Spotify, Mastercard and Naspers, rely heavily on the banking system for certain transactions. Because money is kept at banks and banks are a repository of customers’ personal information, they are a top target of cybercriminals. Libra will bring over 3.7 billion people into the financial ecosystem, and that is enough bait to lure cybercriminals. Cyber-attacks, which are deliberate exploitation of computer systems and networks by attackers aiming to compromise system resilience and cause breaches, are projected to increase. Banks, however, could reduce the possibility of attacks through reforms that target the bank’s People (bankers and customers), the bank’s Systems and, finally, the bank’s Technology (PST). Below are some pointers which amplify the PST concept.
The formation of cybersecurity units within banks is critical. Fortunately, many central banks in developing countries have put in place comprehensive financial sector cybersecurity policies. As one of the requirements of such policies, banks are to establish cybersecurity units equipped with modern tools and the skill sets needed to squarely face cyber “bad guys.” For such units to function well, individual banks will need to develop their own cybersecurity manuals, guidelines, plans, etc., and also mainstream cybersecurity in their corporate governance architecture. Such cyber plans must be different from the traditional risk management policies of banks. Any cybersecurity plan must tell the user what must be done to prevent cyber-breaches and, when breaches occur, what must be done to reduce their impact.
By way of example, any cyber plan must have a protocol on how to use office computers. This is critical because one way computers get compromised is by booting and signing on while connected to the internet. The possibility of password theft in such an instance is high. It is recommended that one disconnects from the internet when booting and signing on to a computer, and connects to the internet only once the computer is running.
Another area banks must be watchful of relates to the usage of “Near Field Communication” (NFC) gadgets. Near Field Communication enables two or more devices such as smartphones, tablets, and laptops to establish a link between them within a specific range. It is not uncommon to see banking staff use their smartphones during working hours. In many instances, staff use their personal gadgets on the bank’s internet infrastructure. In such a situation, the possibility of such third-party devices, without adequate protection, becoming the target of “bad guys” is high. The use of personal gadgets on banks’ internet infrastructure increases the degree of susceptibility to all forms of attacks, including phishing and DDoS. Equally serious is the fact that some banks do not even have established protocols on the use of their internet infrastructure.
Another area requiring attention relates to the use of third-party ancillary technologies by banks. Ancillary services used by banks, including CCTV cameras, POS devices and lighting, are susceptible to exploitation. This infrastructure is typically provided by third parties and is not controlled by the banks. When such third-party contracts are not managed well, the infrastructure could be compromised and become a source of information pilfering. Without adequate protocols to check this infrastructure for vulnerabilities, banks could be exposed to high levels of cyber-attacks. In many instances, such ancillary services have become the conduit for stealing passwords when protection protocols are inadequate.
Lastly, banks must be concerned about the externalities of mobile and digital banking products. In the last decade or so, banks have aggressively rolled out numerous products, including mobile and e-banking. These products are currently not “foolproof” and have become a conduit for exploitation due to the high levels of vulnerabilities in them. A large number of banks in Africa are relying on modern, state-of-the-art technologies to expand their services. These advanced tools have undeniably helped to bring a large number of the unbanked population into the banking fold. In this expansionary pursuit, several of the banks have engaged the services of agents and contractors who drive these processes. Regrettably, the infrastructure required to secure end-to-end protection for the customers who patronise these instruments is not adequate. Rampant system lapses have been exploited by cyber “bad guys” to their advantage. Personal information of customers gets compromised whenever breaches occur. Resolving this challenge will require banks to put in place multiple layers of protection for customers using these services.
I guess there is no one-size-fits-all solution to the mountain of cybersecurity challenges in the financial sector. Any attempt at a solution must be cross-cutting, i.e. with some measures targeted at people, others at systems and others at technology (PST). Ensuring compatibility, efficiency and resilience in PST is a sure path to reducing vulnerabilities in the financial sector. At the same time, there is a need to encourage across-the-board collaboration among the different players in the banking sector value chain while ensuring multiple layers of protection in all facets of banking.
Hopefully, Libra will be different from the infamous Bitcoin!
Article by Henry Kyeremeh | iWatch Africa | kyeremeh@gmail.com