Wednesday, January 28, 2004

Banks warned over viruses and offshoring terror risk

silicon.com - Banks warned over viruses and offshoring terror risk:

by Andy McCue

FSA says technology exposing the City to risk and crime...

Terrorist attacks on outsourced operations, computer virus outbreaks and internet-based 'phishing' scams will all pose serious threats to the UK banking industry in 2004, according to industry regulator the Financial Services Authority (FSA).

In its Financial Risk Outlook 2004 report, the FSA warns that the terrorist threat remains high, with London and other major financial centres high-profile targets.

'The attacks in Istanbul in November 2003 highlighted the need for UK financial institutions to consider risks relating to their overseas operations. The trend towards 'offshoring' key business functions mean that this is an issue for an increasing number of UK firms,' the report said.

The FSA said it will continue to 'monitor the preparedness' of financial institutions but does not want to be 'too prescriptive about the nature of back-up systems' that firms use.

The phishing and virus attacks also continue to expose the banking industry and the City to a variety of new and evolving threats, and the report claims that smaller financial institutions are a potential weak link.

'Although larger institutions often have well-developed IT security departments and systems, this may not be the case for smaller firms or independent advisers. Firms also need to consider the risk that such an attack could occur at the same time as a physical disruption. This has been identified as a significant risk by law enforcement agencies in the US,' the report said.

Phishing scams, in which spam emails try to direct unwitting users to fake internet banking sites so as to capture confidential personal details, have also been flagged up by the FSA as a problem that is proving difficult to combat. The likes of Barclays and LloydsTSB have been hit.

'The cross-jurisdictional nature of the technology makes it difficult to trace perpetrators. One particular case involved a fake site with a host in one country, paid for from a second, with a server in a third, an IP address in a fourth and a domain registration in a fifth,' said the FSA.

But the FSA also says that the banking industry needs to make use of technology such as web-monitoring software in order to detect fake sites, in addition to working with law enforcement agencies, internet service providers and regulators.

'The immediate risk is to a firm's reputation if its name is connected with fraud. In the longer-term, consumers could lose confidence in internet-based financial services.'"