Wednesday, September 10, 2008

Security for break-ins

TraceSecurity is a company that gets contracted by banks to break into their security. The company employs specialists that can think like criminals and can crack all security. The advantage of getting this company in to break your security is that you can fix the holes before the real crooks try and break into your bank.

TraceSecurity recently announced that they could compromise more than a 1000 banks' security in less than 30 minutes. (read more here). What does this mean? Well for a start, holes exist in all banking systems. It is possible to break into banking systems, no matter how hard it is made. If banking systems are un-penetrable, they would also be un-usable. The question is not if it is impossible to break into systems, but rather if all transactions can be traced, that disputes can be handled effectively and that a legal basis exist to resolve security issues and to be able to prosecute succesfully in the case that breaches occur.

Even though it is possible to build mobile banking systems that are more secure and more difficult to break into than any other banking system. (see one of my previous blogs). It is also important to build traceability into mobile banking systems. It is important to have mechanisms available so that a solid legal framework can be built to protect both the bank and the subscriber. Because mobile banking security systems are often built by techies, solutions are unfortunately not all designed to cater for situations when security is breached - as it is always possible.

No comments: