Skip Navigation Links
Managing the risk of internet banking transfers
04 Apr 2014 (191 views)

Many people do not know the difference between what is big and what is small, what is important and what is not important.

They apply the same approach to all these issues. Someone said that the approach should not be "one size fit all". 

When it comes to internet banking transfers, there is an excessive fear of hackers coming into our bank account. Banks introduced many layers of security, in my view to an excessive level, to counter the risk of hacking. 

It is serious, but not so serious, if a hacker is able to access my account and see the balance. Many employees of the bank have access to my balance anyway, as they need this access to provide customer service. 

When the send the monthly bank statement to me, the post man can also take away my statement and view it. 

The real risk is when the hacker makes a fraudulent transfer from my account. This is where a higher layer of verification is required. 

The real risk to the customer is in making a mistake by entering the wrong account code or amount. This risk is much higher than the risk of a hacker making a fraudulent transfer, which is quite remote. 

If a mistake or fraudulent transfer is made for a small amount, it is not that serious. We stand the risk of cash being taken from our wallet by a thief or pickpocket or losing the notes carelessly anyway. 

The practical approach is to allow the customer to set a tolerance limit and requires a higher level of security for transfers beyond that limit.

There is the risk that the data could be changed by the hacker who taps into the connection between the customer and the bank. Who would want to spend so much time and transfer to commit a crime for a small amount? The risk of being caught is higher for a cyber thief than for a real thief anyway. 

If the amount is large, the bank can send the transfer for re-confirmation by the payer who can do it with a 2FA token. This should be more than adequate. 

It is possible to imagine how a hacker or criminal would circumvent it, but it would be far too troublesome for them. There are other better ways to commit their crime.

Tan Kin Lian



Managing the risk of internet banking transfers
[Back] [Print]


Many people do not know the difference between what is big and what is small, what is important and what is not important.

They apply the same approach to all these issues. Someone said that the approach should not be "one size fit all". 

When it comes to internet banking transfers, there is an excessive fear of hackers coming into our bank account. Banks introduced many layers of security, in my view to an excessive level, to counter the risk of hacking. 

It is serious, but not so serious, if a hacker is able to access my account and see the balance. Many employees of the bank have access to my balance anyway, as they need this access to provide customer service. 

When the send the monthly bank statement to me, the post man can also take away my statement and view it. 

The real risk is when the hacker makes a fraudulent transfer from my account. This is where a higher layer of verification is required. 

The real risk to the customer is in making a mistake by entering the wrong account code or amount. This risk is much higher than the risk of a hacker making a fraudulent transfer, which is quite remote. 

If a mistake or fraudulent transfer is made for a small amount, it is not that serious. We stand the risk of cash being taken from our wallet by a thief or pickpocket or losing the notes carelessly anyway. 

The practical approach is to allow the customer to set a tolerance limit and requires a higher level of security for transfers beyond that limit.

There is the risk that the data could be changed by the hacker who taps into the connection between the customer and the bank. Who would want to spend so much time and transfer to commit a crime for a small amount? The risk of being caught is higher for a cyber thief than for a real thief anyway. 

If the amount is large, the bank can send the transfer for re-confirmation by the payer who can do it with a 2FA token. This should be more than adequate. 

It is possible to imagine how a hacker or criminal would circumvent it, but it would be far too troublesome for them. There are other better ways to commit their crime.

Tan Kin Lian