Secure Information Sharing Architecture (SISA) renowned payment security specialist in August 2018 came up with an eight-point action plan for banks and financial institutions to prevent cyber attacks.
These recommendations came in the wake of reported fraudulent transactions amounting to ` 94 crore at Pune-based Cosmos Co-operative Bank in August 2018.
As per the report, it is not the software failure that led to fraud, rather it was lack of security measures which resulted in fraud. It has also advised account holders to be more cautious about transactions in their accounts in order to prevent any fraud.
Banks can implement the action plan prepared by SISA to secure the payment switch application and network environment. It suggests enabling multi-factor authentication for users to log in to the Switch application server. Another suggestion is that IP (internet protocol) table be enabled to allow access to only authorised systems to the Switch server, and reset the password of all privileged users in the Switch application server. The plan further lays out that in case of any suspicious activity, the institution should contact within 24 hours their Payment Forensic Investigator (PFI), authorised by the payment brands and listed on the PCI Council website.
A credential-based vulnerability assessment scan is also suggested by the plan to a non-credential-based vulnerability assessment scan, as the latter has limitations in identifying all vulnerabilities present network components or the servers.
The plan suggests account holders to change the password at regular intervals, and keep a constant vigilant eye on their transactions and immediately report to their bank in case of any transaction not made by them. Account holders are also advised to not use public computer or hotel wi-fi for transaction purposes.