Cybersecurity. One of the many buzzwords of the modern era, it has become a mantra not only of technology developers, who are faced with heightening the standards for customer safety in today’s internet-based financial markets economy, but of regulators too.
Very recently, CFTC Chairman Timothy Massad stated that the federal regulatory authority over which he presides is so underfunded that it cannot evolve to handle Bitcoin and modern electronic markets, particularly with regard to stepping up safety.
In November, Chairman Massad stated at a conference in Chicago: “Keep in mind that some of our major financial institutions are spending more on cybersecurity each year than our agency’s entire budget.”
Furthermore, the technological evolution of ancillary and satellite aspects of the global financial markets economy has required revolutionary cybersecurity measures, in particular for Bitcoin, which had suffered from a lack of investor confidence as a result of the high-profile demise of MtGox, brought about by unauthorized access to Bitcoin storage. Subsequently, technology backed by mainstream venture capital investors was launched to counter the threat of external hacking, in the form of secure cold wallet storage and, in the case of Coinsetter, biometric facial recognition for cold wallet access.
The remarkable developments that have occurred during the last year, however, did not stop $1.75 million worth of virtual currency being stolen from cold wallet storage at BTER Exchange this week.
Although the leading-edge developments in new phenomena such as Bitcoin and certain electronic trading products can be a challenge for technology developers as far as security is concerned, it is not just these specialist sectors whose security is not up to the mark, according to certain experts.
Two of the United Kingdom’s major banks, RBS and NatWest, operate an application that allows customers to log into their accounts with a fingerprint, a well-recognized method that is widely acknowledged as being the most secure means possible, surpassing passwords and numeric combinations.
Professor Mike Jackson, a cybersecurity expert at Birmingham City University, claims the technology offers about as much security as “leaving your house keys under the front doormat.”
“It is not something I would do – put it that way,” he added when reporting on the subject to the Daily Mail.
The banks’ applications utilise Apple’s Touch ID feature, which lets owners of an iPhone 5, 6 or 6 Plus access their device by touching the button under the screen. If the fingerprint matches one they have stored previously, the screen is unlocked. On earlier models, users must enter a numerical code instead.
RBS and NatWest, both part of the Royal Bank of Scotland Group, say around 880,000 of their customers have the newer iPhones so can now get into their bank accounts using Touch ID. They simply activate the technology first by inputting their usual security information.
Almost anybody, given enough chance, would be able to break it, according to Professor Jackson.
Should this be the case, criminals could easily break into someone’s bank account by using a high-quality photograph or clear image of the phone owner’s fingerprint. Such an image could even be gleaned from the phone’s screen itself. More sophisticated fingerprint-recognition systems can detect the warmth and veins within fingers.
Ben Schlabs of the German think tank SRLabs said: “Fingerprints are not fit for secure local-user authentication as long as ‘fake fingers’ can be produced from these pervasive copies. It is a very different risk to something that is inside your brain.”
RBS and NatWest yesterday said they were confident the fingerprint technology was safe to use, pointing out it was already popular with banks in the US and other countries. “We do everything we can to make banking secure for our customers and we’ve tested this to make sure it was safe before launch,” they added.
This is a very interesting observation by Professor Jackson, as it calls into question the move away from standard alphanumeric combinations for usernames and passwords for accounts accessible from mobile devices. Many FX companies rely on mobile trading to make up a significant part of their retail order flow, and there are some companies which are going down the mobile-led route, offering no desktop platform and concentrating on handheld devices.
The virtual currency industry has had to concentrate on stepping up security in the aftermath of several hacks which have brought about the end of prominent exchanges, and indeed non-alphanumeric methods are considered modern and secure.
Indeed, should Professor Jackson’s perspective be correct, a return to the drawing board may be necessary for app developers.