BANKING INDUSTRY: SECURITY AND PRIVACY
Gino Bautista, Natasha Monica Conde, Treisha Marie Tan, Melchor Tatlonghari,
and Philip John Torres
EM-TECH S16
natahaconde@yahoo.com
De La Salle University - Manila
ABSTRACT
This research paper will provide audience idea of
what issues encountered by banking industry and
its consumers today. It will first give overview on
the background of banking when it terms to
security and privacy and why it is very vital today.
This paper aims to provide proposition on the
issues security and privacy and discuss the
concerns behind the two main issues. The study
will also briefly discuss fraud, identity theft, credit
card theft and phishing in terms of banking. Data
and statistics taken from studies did by
professionals will also be presented within the
research to prove the dilemma happening. This
paper aims to enrich people’s knowledge when it
terms to security and guide them in curing threats
they encounter.
1. INTRODUCTION
A very relative issue to the banking industry that
is highly scrutinized today is how to keep the
information “secured”. A simple transaction
performed by the customer is in by that very raw
nature already crucial information about that
person. People “trust” the banks to uphold the
strictest sense of information privacy possible.
The people disclose a considerable amount of
confidential information about themselves to the
bank take for example the tedious prerequisite just
to open an account. If the information is not
properly handled and managed this could leak to
other people and will post a serious threat to the
person/s involved. Loop holes on systems whether
manual or not encourages people to do certain
courses of malicious actions. Good for the
banking industry there are now exhaustive efforts
to create systems custom-made for them but are
very pricey which is just for a secured system.
Needs necessitates solutions.
The trend in the banking industry to is to
incorporate services to daily activities as much as
possible. Take advantage of the Internet as an
avenue to conduct banking activities. Later on the
issue will arise from the threats of the security in
the internet. The more the customers enact
activities directly to the bank online – anytime,
anywhere – the more responsibility is demanded
from the banks. With every price matches the
development of solution. There is a vast
technology the banks may choose from. What is
important is to match the solution with the real
business problem faced by the companies.
2. SECURITY AND PRIVACY
Security by definition is the freedom of danger
and/or risk, freedom from anxiety and/or fear. It is
confidence on something that assures you safety.
While in the computer industry, security maybe
regarded as a different term. Security in computer
systems means ensuring data storage in a
computer that it will not be accessed by people
that are not authorized to access them. It may be
through putting passwords on files and/or
encrypting the data, so that it is undecipherable by your tax accounts, and even go to jail with your
those without the encryption key. name.

Encryption is converting data into another Here is the a graph of identity theft
form of data that is unreadable to the naked eye, complaints according to Federal Trade
and in order to recover the original state of the Commission (FTC)
data an encryption key is required. Passwords are
secret set of characters that may is composed of
alphanumeric digits that gives access to user to
particular data.

Security in computer systems not only

refers to protection of data, but also refers to
protection of hardware itself. The data is
inaccessible if the hardware necessary to access
data is compromised.
Figure 1. Identity Theft Complaints

The banking industry is mostly operated

23% of which are allotted to credit card
through computer systems today and banking
fraud, 13% to bank fraud, and 5% to loan frauds.
industry is a very critical part of it. There are
That is almost half of all the fraud crimes in the
different kinds of issues plaguing the banking
area of banking industry. Sad part is that the
industry that hinders users from having confidence
victim may not be aware that he/she is already a
in their banks; this is an issue because it will
victim of fraud, because thieves today have very
prevent people from actually doing transactions
sophisticated and advanced ways of committing
with the bank which is the lifeblood of the
identity theft, one of which is phishing.
industry.
Phishing is creating a bogus site that will
Fraud is one of the many prevalent issues
ask for personal information. It may be your social
at hand in the banking industry. Fraud is deception
security number or credit card number or anything
done for personal benefits, usually monetary gain.
that they could use on you. These bogus site will
Fraud is usually done through identity theft. There
appear official as the regular sites, they could be a
are many different kinds of frauds; the one most
page from the website of your bank stating that
rampant in the banking industry is the credit card
you need to update your personal information on
theft. Identity thieves just needs a copy of your
their database and once you give them your
credit card and some of personal numbers like
information, that’s when they take money from
your social security numbers and/or password and
you without you knowing it.
they can go on a shopping spree without having to
pay any cash ever. According to California State
There are many ways to commit identity
Senator Debra Bowen; "Identity theft is one of the
theft not just phishing. They can even go to as low
easiest, most risk-free crimes thieves can commit.
as even cloning your credit card itself. With
They don't need a gun, a knife, or a getaway car.
almost 50% of fraud incidents in the banking
All they need is someone's Social Security number
industry, security indeed plays a very critical role
and a pen." Thieves are able to do many different
in the industry, and should be taken more
things when you are compromised; they make
seriously.
loans, buy things, they can even get refunds of
 3. THREATS IN SECURITY
Today, consumers use technology to make
banking transactions. These innovative
technologies are online banking, mobile banking,
credit card, and ATM.
Advancement of technologies creates
positive impact to society and industries.
However, there are still negative effects of this,
especially to the most important factor in banking,
security.
One of these problems is fraud. Bank
fraud is the process of obtaining money, assets, or
other property owned or held by a financial
institution in a fraudulent means. Banking fraud in
law applies to actions that employ a scheme or
artifice, as opposed to bank robbery or theft. This
is the reason why bank fraud are considered a
white-collar crime [1]. The mechanics of banking
fraud includes Rogue traders, Fraudulent loans,
Wire fraud, Forged or fraudulent documents,
Uninsured deposits, Demand draft fraud, Forgery
and altered cheques, Cheque kiting, and Money
laundering. There is also what you call Payment
card fraud which very common nowadays. It is
crime where criminals stole credit cards and
ATMs or duplicate or skim credit card and ATM
information [1].
There is also identity theft. It sometimes
called impersonation. This is a very common
problem and is spread both locally and internally.
It operates by obtaining information about an
individual, and then uses this information to apply
for credit cards with the person’s name in it.
Information can be taken from birth certificate,
social security number, and old credit cards [1].
Third is the Credit Card Theft. Credit card
theft is a very serious problem in banking because
once the card has been stolen, the thief can do tons
of purchase while crediting the amount to your
account. If the victim failed to report the incident
of the stolen card and the victim’s card is still out
in the public then this can be a serious threat to the
card holder. Victims of this form of identity theft
have had either their credit card or their credit
card number misused by a thief. In 2005, figure
shows that 3.2 million Americans fell victim to
this form of identity theft that’s why this event
should be taken seriously.
In the Philippines, Metrobank have a way of
detecting this kind of event where the system have
analytics and intelligence in which they were able
to detect if the card is purchasing a lot and
Metrobank will try to warn or notify the card
holder if those purchases that s/he made are
legitimate. This is a very good system because it
will prtect their customers from credit card theft
or illegal use of their credit cards. The system has
the ability to detect suspicious use of credit card
and this is a very good tool in catching those
thefts.
The last issue in security is phishing or
internet fraud. This is when people send forged e-
mail, impersonates an online bank and then,
directs this email to the user to a forged web site
which is designed to look like the login to the
legitimate site but which claims that the user must
update personal info. This information is stolen
and then used in other frauds such as theft of
identity or online auction fraud [1].
There are still other problems encountered
in banking industry when it terms to security;
however, the ones stated above are the very
common. Other problems will be internal fraud
which is focused on the employees, accounting
fraud, falsification of loan application, etc.
4. PROBLEMS IN PRIVACY
Today in the age where information is power and
many threats arise with the advancement of
technology, privacy has been a very important
issue especially when it comes to banking privacy.
Banking, as we all know, is a very important
sector of our country’s economy. Banks lend
money to entrepreneurs and inventors so that jobs
can also be created for the people. Of course, bank
customers are people who are financially capable
and in the middle and high class of society.
According to WebCPA, a website
dedicated to finance industry and banking, the top
3 problems and issues in the field of information
and technology today are: Information Security
Management, Privacy Management, and Secure
data file storage, transmission, and exchange [2].
As we can see, these 3 issues revolve around the
security and privacy of data.
In banking, a person can be a bank’s client
if he/she creates an account and deposit money.
Do clients deposit only their money to safety? No.
If a person decided to become a bank’s client,
he/she also supplies the bank with his/her personal
information. This information is used to market
the client’s needs to other companies. According
to FDIC (Federal Deposit Insurance Corporation)
banks, as of July 2001, are required to give their
customers a copy of their privacy policy. Banks
should also have a copy of their privacy policy on
their websites (FDIC, 2007).
It might look like a good thing since banks
want to market its clients’ needs but if we look at
it in a different angle, it is a violation of our right,
our right for privacy. Companies make use of the
client’s personal information to advertise their
products that are in line with the client’s needs
and interest. This might also cause
information/identity theft. Banks’ data privacy and
security might be good but who knows if the
affiliated companies, whom the banks share their
clients’ information, are also good. If there are
some security glitches, information could be easily
obtained by hackers.
Terrorism might also be used as an excuse
to violate privacy policies of banks not just in our
country, but on the whole world. After the 9/11
terrorist attack of the World Trade Center, United
States government used the SWIFT (Society for
Worldwide Interbank Financial
Telecommunications) database, which is used by
2,200 organizations and 7,800 financial
institutions, to track terrorist-related financial
transactions and most of these transactions
occurred not in the United States but in the foreign
countries. All of the clients’ information is on the
SWIFT database examples are: addresses, phone
numbers, real names, and account numbers.
Having this kind of information United States can
do almost anything in the world and critics called
this as “Abuse of power by Bush Administration”
[3].
5. STATISTICS
Figure 2. Misused Information
The graph presents different crimes under identity
theft and privacy issues. Many crimes can happen
once an identity thief got his/her hands on
personal information. The data used in this graph
was from Ohio in 2004. Phone or Utilities fraud is
rampant on Ohio while Credit Card Fraud is
rampant in other locations. Nevertheless, the
graph tells us that since 2004 identity theft have
been a major problem not just in Ohio, but also in
other location. The following tables are some
breakdowns of identity theft in Ohio.
Types of Bank Ohio Other newly acquired technology of financial
Fraud Location institutions.
Existing Accounts 6.8% 8.5%
Electronic Fund 8.1% 6.6% Nothing is perfect. We can never be too
Transfer safe on a certain technology. One way or another,
New Accounts 2.7% 3.6% people will try to destroy what other people
created. And for information security to be
Unspecified 0.1% 0.1%
efficient in financial institutions, as well as in
TOTAL: 17% 18%
other industries, we must practice continuous
Figure 3. Types of Bank Fraud
improvement for our security. If there are new
Not all bank employees are honest. Some technologies available in the market, we should
employees get a hold of their clients’ information first analyze their strengths and weaknesses
and use it to gain financially for themselves. carefully and make decisions based on whether we
can improve the technology or not.
Types of Credit Ohio Other
It would be hard to cure the threats in
Card Fraud Location
banking industry but we could prevent. There are
New Accounts 14.3% 16.5% two threats in security and privacy, external and
Old Accounts 12.7% 11.9% internal environment. What people should do is
Unspecified 0.1% 0.1% to control both environments and see defensive
TOTAL: 26% 28% measures that could help prevent incidents.
Figure 4. Types of Credit Card Fraud
Banks must keep in mind to consider
internal environment as a threat. These can be the
6. RECOMMENDATIONS / CONCLUSIONS insiders who are the employees, and the partners.
The company should enforce policies and controls
Information Technology represents an important that would discipline their employees. Discipline
role in banking industry especially today where is not only needed for the employees but also
banks deal with issues such as fraud, identity theft, awareness. The company must institute periodic
phishing, phishing, and a slew of other malicious security awareness training for all employees. In
internal and external criminal activity. Banks have this way, a culture of security awareness will be
to act faster and effective when it comes to developed. According to CERT, employees need
protecting data, especially information and assets “to be aware that individuals, either inside or
of their clients. Banks also have to provide risk outside may try to co-opt them into activities
management and control as they fight for security counter to the organization's mission."[8]
and privacy. However, high officials should not only rely on
the rules and training they give their employees.
Since the past centuries, there have been They should always remember that its money of
many ways for an identity theft to get a hold of the people they are gambling. They must give it
your personal information, what more today? As more security. So in order to be more secured,
technology advances, financial institutions gain they must monitor and respond to suspicious or
not just new advantages but also new disturbing behavior, starting when you hire an
disadvantages. A new technology might provide employee. Banks should also track and secure
new services for financial institutions but there the physical environment. They should log,
might also be new ways, techniques, and
technologies that can penetrate the security of a
monitor and audit the employee online action and
implement system change controls.
The second environment is the external.
Almost all industries in the world have been
revolutionized by internet. Internet made all
transactions easier and in the field of banking, the
revolving money that we use is in a form of bits
and bytes. This is a much better way because it
eliminates the problem of bringing cash and the
scare of crime that might take place during the
process. From the traditional way of transacting
our money in the bank where the customer will go
to the bank and deposit or withdraw money, we
were introduced with the concept called self-
service.
People can easily withdraw money from
ATM which is located almost every corner in the
Philippines. Cash is now in the form of E-Cash
and an example of this is the service of Globe
called G-Cash where you can purchase any
product you want to buy with the use of the
cellphone. We have credit cards and by using
these credit cards it also gives the customer to
gain mile points and other benefits from the
providers. It also made our budget better because
through this credit card, we were allowed to pay a
very expensive product through an installment
process. There is also a service called online
banking where you can transact even at the
comfort of your home. With the use of these
technology also, we were now able to purchase
products from the internet and delivering the
product in your home. This eliminates the hassle
of going to the store and purchase the product the
customer wishes to buy.
There are also machines that accept the
money and this cash can be deposited to your
account and the account of that user updated real-
time and this eliminates the scare of losing the
money while having the transaction because in the
old-way of depositing money, the depositor can
only see the updated account after a 24-hour
interval.
Overall, these kinds of technology are very
convenient and it really made our life very easy.
Here is the list of ideas that might be implemented
in the future. These ideas maybe very fictional but
it might happen in the near future.
Bills and coins will be replaced with cards.
This idea might happen because what’s happening
right now is that all big transactions are happening
in a form of cheque and with the use of credit
cards. Buying of products will be done by just
swiping the card without the hassle of paying the
cash and receiving the change. All products can be
bought through the card and the user must better
protect this card because it is a form of money.
Sending Money is just as easy as sending a
text message. If your parents forgot to gave you
the allowance for this week and you already went
to school or you work in abroad and you need to
send money to your family back in the
Philippines, worry no more because we can send
your allowance easily or your money padala by
just loading the amount to your card and you can
now purchase anything you want until your budget
runs out.
You can still buy anything you want even
you don’t have enough money. In this generation,
it is impossible to buy things especially if you
don’t have enough money. But with this idea, you
can now purchase it and what will happen is that it
will be just credited to your account or card. The
idea is similar to a credit card that’s why there’s
nothing new with this innovation.
Cards are all password-protected. Before
the user can purchase the item he/she wished to
buy, he/she has to enter the password to ensure
that the card is really yours. So don’t give
passwords to anyone.
MyBank Account. This system is similar
to MyLasalle but what it is found in this system is
all information regarding purchases and other
financial stuffs. It is a very big system that [4] Lents, Danny. What Is Identity Theft?
manages your financial accounts and this can help Retrieved March 9, 2009, from
the user for making important reports such as http://www.idtheftawareness.com/docs/WhatIsIdT
budget plan, purchases for this month and the like. heft.php, 2007

Google Bank. By this time, google is now
the most influential company and they are the one
who is maintaining the Mybank system. All banks
are registered in Google and this is a very big
information system.
Online SM. This is a mall and in this web
site you can find almost all products in the world
where you can purchase with the help of your
account card. The product will be delivered to you
and this eliminates the hassle of going to a real
mall.
These are some of our recommendations
or prediction for the banking industry. This is a
field where innovations are fast happening and
this can be a good example of an emerging
technology because there’s a bright future ahead
with this industry. This can make our life faster
and easier and once this industry reached its
highest level.
8. REFERENCES
[5] N.A. Safe Internet Banking. March 11, 2009 at
http://www.fdic.gov/bank/individual/online/protec
t.html, 2007
[6] Simon, Jeremy. Credit card fraud: examining
debit and credit card payment fraud. Retrieved
March 9, 2009, from
http://www.creditcards.com/credit-card-
news/credit-card-fraud-and-safety-of-your-cards-
1276.php?a_aid=1017&a_cid=1204, 2007
[7] Webopedia. What is security? - A Word
Definition from the Webopedia Computer
Dictionary. Retrieved March 9, 2009, from
http://www.webopedia.com/TERM/S/security.htm
l, May 17, 2004
[8] McGlasson, Linda. The Insider Threat: 16
Tips to Protect Critical Data. March 11, 2009 at
http://www.bankinfosecurity.com/articles.php?art
_id=1257&opg=1, 2009

[1] Crimes-of-persuasion. Bank Fraud? Retrieved

March 9, 2009, from http://www.crimes-of-
persuasion.com/Crimes/Business/bank_fraud.htm,
2000

[2] Gold, L. Security, privacy issues claim top

spots on AICPA’s Top Tech Poll. March 11,
2009 at
http://www.webcpa.com/article.cfm?articleid=306
50, 2009

[3] Khor, M. Uproar over privacy of bank data.

March 11, 2009 at
http://www.twnside.org.sg/title2/gtrends109.htm,
2007