The issue of the Latin American gang that hacked into some of Malaysia’s automated teller machines (ATMs) and absconded with a little over RM3 million is both frightening and eye-opening. It should be an indication to us that our cyber-security is grossly lacking and perhaps our money and personal information are not as safe as we once thought them to be.
If you have been following the news, you will know that the people who carried out this heist did it in a very simple manner, so much so that it is quite a shock that they were able to get away with so much of our money. In short, the criminals installed a malware onto the ATMs that allowed them to withdraw money from the ATMs every time they inserted a code into the machines.
They were able to install the malware by way of the CD slot under the ATM’s top panel which they simply popped open. All this was done out in the open and still nothing amiss was discovered until much later.
All the news reports of the investigation highlight certain aspects that led to the criminal’s success which include:
- Most ATMs still use Windows XP (up to 95 percent). It is an unprotected operating system as it has been discontinued by Microsoft and is no longer receiving security updates.
- Old models of ATMs (NCR5587) that can be easily tampered with.
- Most machines have not been updated in five years.
- There is nothing stopping unauthorised access to ATMs beyond what the standard customer should be capable of.
It is an emerging trend among Malaysians to conduct many of their monetary transactions online such as bill payments, shopping, money transfers and investments. This trend is a little worrying as according to the Sophos Security Threat report 2013, Malaysia ranked fifth most vulnerable country to cyber-attacks.
Nevertheless, despite our obviously lax cyber-security, citizens are being encouraged to conduct more and more of their transactions through online banking and e-payments; which is honestly a mind-boggling notion. Proof of this includes the topic earlier this year where there was talk of banks charging a 50 sen processing fee per cheque starting April 1, 2014, which was then postponed to Jan 2, 2015 as many banks were still not equipped to accept e-payments.
Rushed into online banking?
As the issue of cyber-security concerns both our money and personal information when it comes to the banking industry we have to ask, what is being done to increase Malaysia’s cyber-security and make our online banking safe? How can we conduct e-payments with confidence when even our ATMs are easily tampered with?
How many of us have already suffered because we have been rushed into online banking without looking at the possible repercussions and have not prepared for them?
One thing is for sure, the ‘basic layer’ of protection that banks provide for their online and mobile banking is no longer enough. It seems the only options we have until responsible parties decide to strengthen our cyber-security are to cower in fear of the cyber-criminal; to be constantly looking over the virtual shoulder or to spend hefty sums on bank processing fees for physical transactions that are sure to increase the more we are ‘encouraged’ to use e-payment.
Until our cyber security is not compromised, Bank Negara Malaysia should defer the implementation of mandatory online banking and e-payments.
SM MOHAMED IDRIS is president, Consumers Association of Penang.
