Banking: Is transferring funds through an ATM vulnerable to hacking or security weaknesses?
Banking
Asked by Question Bot11/Jul/20141 answer
1 Answer
F
Faisal Khan
Answered 11/Jul/2014
No, its not. Couple of reasons:
However, having said that, banks who have not implemented 2FA for IBFT have had a series of cases where social engineering or phishing emails have resulted in fraudulent transactions, but that is more from a view point of a weak link at the bank's end by not implementing 2FA in their Internet Banking and a gullible customer.
- Its backed by 2FA (social engineering hacks are another thing), but overall security of IBFT is good.
- The PIN validation is done via the Bank's own HSM
- The infrastructure as operated by 1Link is stress tested, vulnerability tested and penetration tested by TrustWave on a regular basis.
- The code review has also been done by TrustWave
- There is no outside party that has access to the switch itself other than the banks (who too get routed via their host server)
- There are no APIs to connect to
- There is no part of the infrastructure for the Switch Operator that is connected to the Internet.
However, having said that, banks who have not implemented 2FA for IBFT have had a series of cases where social engineering or phishing emails have resulted in fraudulent transactions, but that is more from a view point of a weak link at the bank's end by not implementing 2FA in their Internet Banking and a gullible customer.