Security Threats to Banking

 
INTRODUCTION
The research project was undertaken to discover security threats and vulnerabilities experienced in First National Bank Botswana organization and how they mitigate them, this was carried out with the intention of making better and appropriate recommendations to combat them in the future and strengthen their information system and innovate some of their services for better competitive advantage and customer satisfaction.

CURRENT SYSTEM (S)
The bank has several current information systems in place which has enhanced its performance and productivity resulting in customer satisfaction and convenience hence customer loyalty to FNBB. According to Mr. Edwin M FNBB have the following information systems in use.

Online Banking
Customers can access the bank account anywhere, anytime as long they have internet access where there are, and they can do any transaction; paying bills, buy online, view balance, bank statement and transfer funds to third party.

Cell Phone Banking
Now with cell phone banking in place customer do not need to be behind a computer doing transaction, they can access their funds/ bank account by using their mobile phones which is more convenient, fast and user friendly. Its new cell phone banking service, enabling banking activities such as balance enquiries, statement requests and the ability to make payments to third parties.

The service is accessible through any handset in Botswana and uses SMS or a menu-based technology for customers to complete their banking transactions, increasing mass market reach and adding functionality to First National Bank of Botswana’s (FNBB) offerings.

“The new FNB Cell phone banking offering is a natural extension from the pioneering beginnings of the in Contact service,” said Yolisa Lejowa, FNBB head of electronic banking. “Initially the service will only be available on the Mascom network but we envisage activating FNB Cell phone banking on the Orange network as well, shortly.”

By introducing these systems the bank has saved a lot of money which would be used for stationery in the manual system and the bank saw a great positive impact on their daily activities, long queues is the thing of the past, productivity, efficiency and market share has increased. New customers can even apply for bank accounts online without going to the bank as long as they provide valid details; everything will be processed within a short period of time. Now customers have the bank “virtual bank” with them wherever they go.

Some of the Information systems are;

Transaction Processing system
Human resource Management system
Executive management system
INFORMATION RESOURCE AND CONTROL
According www.datamonitor.com head of electronic banking (chief information officer) at FNBB has a critical role and responsible for the entire security of the organization, plan and implement technology advancement and innovations to ensure that FNBB stays atop of the market in the banking industry in Botswana. The Electronic bank head critical evaluate the security system’s ability to protect bank and customer data.

According to Eddie M in interviews response stated that chief information officer overlook the entire organization information system, to ensure that all resources are utilized within the budget and enforce higher security in the system to ensure business continuity. This is achieved by defining, updating, implementing IT strategy and align IT objectives and programs to enterprise objectives and strategies. By applying the above critical roles result in data privacy and confidentially, data integrity, authentication, non-repudiation. The head of electronic banking of FNBB set security privileges in the organization to ensure that certain areas and information is only accessed by authorized personnel or user.

He carries out and enforces comprehensive security policy in the organization. According to www.fdic.gov/news/news/financial/1999/FIL9968b.doc A comprehensive information security policy should outline a proactive and ongoing program incorporating three components;

Prevention
Detection
Response
E-banking services must be delivered on a consistent and timely basis in accordance with high customer expectations for a constant and rapid availability and potential high transaction demand. The bank must be able to deliver online banking services to all end-users and be able to maintain such availability in all circumstances.

ORGANISATION SECURITY
SYSTEM RISK
System risk is a potential problem, situation that if it materializes, may adversely affect the business operation or system operation. http://www.pathways.cu.edu.eg/ . According to Eddie M 26 March 2010 Interviews. “The use of information system which is online banking and cell phone banking has brought some risks and threats which are as follows; information theft, hacking of the system, System Failure due to hardware problem or power failure even software crushing, backup gets corrupted sometimes”.

The above table summarizes the system risks that exist with the use of information system; some of the risks are intentional were the user or unauthorized person get to do some modification in the system database/ some system components which will compromise availability or integrity of the data produced, processed. Some of the threats are accidental where by the user discloses his/her online banking details leading to account hacking and money theft. Network malfunction/ interruption is one of the major threats, sometimes network hardware components fails leading to break of data transfer between computers and servers leading to online system been unable to function normal (down).

Electricity blackout it’s a major concern in Botswana because it happens more often resulting in online banking and cell phone banking being inaccessible during the period, as cell phone network goes down during electricity blackout and some electronics components tends to fails as well leading to system failure as information systems are comprised of different electronics components. All the above mentioned system risks and threats are the main faced by First National Bank Botswana.

SYSTEM RISK MITIGATION
To mitigate risks and threats board of directors and the head of electronic banking must ensure that appropriate security control processes are in place for online banking. (FNBB Report, 2009). To deal with this risks authorization privileges and authentication measures, logical and physical access control, adequate infrastructure security to maintain appropriate boundaries and restriction on both external user activities and data integrity of transactions, record and information should be implemented in the bank. http://www.bis.org/publ/bcbs98.htm.

SECURITY
CLOSED CIRCUIT TELEVISION (CCTV)
CCTV is used to capture and monitor all customer and employee activities inside and outside the bank building for security reasons.” You’ll find CCTVcameras sweeping the perimeter and parking areas, lobbies, drive-up windows and ATMS. Almost everyone who has worked in the banking industry and many customers has used CCTV to prevent and/or identify illegal activity at banking facilities. Video tapes and digital recordings capture the faces and activities of everyone using bank properties”. (Pirraglia W).

The captured recordings are archived bydate, so prior recordings can be located and used to solve problems and help apprehend perpetrators of illegal bank activity. Most of the banks around the world have cctv installed in their buildings and around ATM terminals, so FNBB use CCTV for the same purpose as explained above, all of their building are monitored by CCTV.