Banks are a great place to keep money safe from theft and excessive spending. In order to keep the money safe, Regulation No 02/2018 of 24/01/2018 on Cybersecurity was enacted. The aim of the regulation is to ensure that the bank establishes standards to protect against security threats. It is also meant to protect customer information so that when you open a bank account, or your parents open one for you, it will not be affected by computer-generated crimes.
An example of a cybersecurity or computer-generated threat is hacking. This is where a person gains unauthorised access to the bank system. When this happens, the hacker is likely to rob money or publish information which is meant to be confidential.
Therefore, it is a requirement of article 5 of Regulation No 02/2018 of 24/01/2018 on Cybersecurity for every bank to have a cybersecurity strategy and programme which is aimed at protecting the confidentiality, integrity and availability of the bank’s information systems.
An example of confidentiality is that every customer only knows information about his/her own bank account. If you ask for the details of another customer, they will not give them to you. They won’t tell you if the customer has an account with the bank, how much they have on their account or any transactions that have been made unless you are also a signatory to the account.
However, confidentiality can be overridden if the customer is a danger to the country and authorities need access to the bank account to prevent harmful activities.
Another measure to protect customers’ information is the requirement that banks have adequate ‘Know Your Customer’ (KYC) procedures. This means that when a customer is being registered for services offered by a bank, there should be adequate sensitive data protection, adequate mobile security protection and user training. The core banking system must be integrated with the National Identification system for the customer identity verification mechanism. That is why they require a national ID or a passport to open an account.
Sensitive information has to be protected from unauthorised access. That is why only a few people have access and permission to perform certain tasks.
One way of preventing unauthorised access, according to article 12 of Regulation No 02/2018 of 24/01/2018 on Cybersecurity, is to have multi-factor authentication. An example of multi-factor authentication is the use of ATM Cards.
Every person who opens a bank account is given an ATM card so that they can withdraw money from their account, or in some instances, deposit it with ease. The ATM card has a password which is known only to the card owner. So then, multi-factor authentication in this case is the card and the password because you need both of those things to gain access to the account.