- Two-step authentication process used by most banks is inadequate
- Vulnerabilities identified similar to those that were used by hackers to steal up to $1 billion across Eastern Europe
- UK regulator says bank customers must be reimbursed, banks are responsible for security
- Highlights risks to deposits and systemic risk should such vulnerabilities be exploited in cyber-warfare or indeed for monetary gain
The vulnerability of banks and the global banking system – reliant as it has become on computer systems, information technology and the internet – was highlighted yet again in an important article in the Financial Times on Tuesday which was largely ignored elsewhere.
The FT reports that it has come into possession of documents and correspondence between the Financial Conduct Authority (FCA) and a cyber security firm, Bronzeye that identify “serious security issues” at British high street banks.
“Britain’s markets watchdog, the Financial Conduct Authority, was warned last July about a loophole in the cyber security of one of Britain’s biggest banks that could give hackers unfettered access to customer accounts,” reports the FT.
Bronzeye identified a weakness in the two-step authentication process used by most banks and reported it to the FCA in July of last year. It is apparently similar to the flaw that allowed hackers to raid up to $1 billion from around 100 banks, predominantly in Eastern Europe.
Bronzeye identified one “large British bank”, the name of which was redacted in the documents, that had “22 critical vulnerabilities”. One of these flaws could “stop the bank in it’s tracks”, according to the firm.
Oddly, the bank refused to work with Bronzeye to fix the problem.
On the surface it would appear that banks customers need not concern themselves with these developments. The FCA has made it clear that banks must absorb the costs of raids on customers accounts by hackers.
“We are focused on ensuring the right outcomes based on our three operational objectives. We expect firms to provide redress for consumers impacted by cyber crime, consumers should not lose out as a result of cyber crime. Management and oversight of the systemic cyber risks lie with the Bank of England and Prudential Regulation Authority supervision,” they said.
While this is encouraging we believe that this story again exposes systemic risks to the banking system. If the accounts of a number of banks were targeted en masse in a coordinated act of cyber-warfare or cyber-terrorism it could severely impact and even disable individual banks and their deposit accounts and indeed the entire western banking system through contagion.
We have covered previously how governments across the world have been infecting the systems of their rivals with malware. Although generally they have not exploited the breaches to date.
It is likely that groups and governments hostile to the West have also identified such simple vulnerabilities in the western banking system but decided it was not in their interest to exploit them … yet.
Recently we pointed out how an international hacking group stole $300 million from bank accounts and how the global digital banking system is not secure . We also pointed out how cyber war poses risk of bail-ins to banks and deposits.
We are not suggesting that readers should dash out and empty their bank accounts. We are simply identifying risks to the system of which people should be aware and that they take reasonable precautions including diversification of deposits and diversification from deposits.
Having all your eggs in a deposit account is no longer prudent.
Academic and independent research and indeed the modern and historical record shows how physical gold is the safest asset-class in the world. An allocation of some of one’s portfolio to physical gold is insurance against technological and systemic risks posed to all virtual wealth today – whether that be digital bitcoin or electronic currencies in deposit accounts.
These risks have never been seen before and yet are largely unappreciated and ignored by brokers, financial advisors and bankers.
Today’s AM fix was USD 1,199.75, EUR 1,086.04 and GBP 786.46 per ounce.
Yesterday’s AM fix was USD 1,204.25, EUR 1,082.67 and GBP 785.19 per ounce.
Gold fell 0.32% percent or $3.80 and closed at $1,199.40 an ounce yesterday, while silver slipped 0.49% or $0.08 to $16.18 an ounce. Gold steadied around $1,200 this morning in trading in the UK and Ireland after a three days of slight losses.
Brent crude was flat on Thursday, managing to hold above $60 a barrel as investors brushed aside bearish U.S. inventories data to focus on the lack of a deal in talks over Iran’s nuclear program and the risk of conflict between Israel and Iran.
Investors await the European Central Bank (ECB) policy meeting outcome at 12:45 GMT today to learn more details of Draghi’s bond buying bonanza equalling 1.1 trillion euros.
The non farm payrolls a key U.S. economic indicator is scheduled for release on Friday. Market participants are hoping for a clue as to when the U.S. Federal Reserve’s interest rate hike may occur.
Not all Fed governors are on plan for a June-September 2015 rate hike. Chicago Federal Reserve Bank President, Charles Evans, told a local Rotary Club, “Given uncomfortably low inflation and an uncertain global environment, there are few benefits and significant risks to increasing interest rates prematurely.”
Evans told reporters after the presentation that, “a rate hike will be not be appropriate until “early 2016” which is gold supportive.
Spot gold was up 0.1 percent to $1,200.65 an ounce in late morning trading in London, after dipping one percent in the previous three sessions on a strong dollar and robust U.S. economic data.
Spot silver slipped 0.1 percent to $16.16 an ounce, while palladium was up 0.1 percent at $828.50 an ounce and platinum was steady at $1,180.45 an ounce.
Updates and Award Winning Research Here