Mon, Jul 18, 2016 - Page 6 News List

EDITORIAL: Are Taiwan’s banks easy targets?

Days after First Commercial Bank’s automatic teller machine (ATM) heist, the bank on Friday declared a loss of NT$83.27 million (US$2.6 million) from 41 machines and on Saturday, police made public the identities of 10 suspects.

The case is unprecedented in Taiwan in terms of the type of hacking used, the number of machines compromised, the number of suspects involved and the amount stolen. However, it is not new to other nations, as several ATM heists of this type were reportedly carried out years ago in Russia, Europe and the US in what appeared to be attacks by organized crime gangs, in which ATMs were reprogrammed to dispense cash using malware.

Russian cybersecurity firm Kaspersky Lab last year issued a report saying that an international organized crime ring had stolen up to US$1 billion from more than 100 banks in 30 nations since at least the end of 2013. In May, criminals used fake credit cards to make off with ¥1.4 billion (US$13.36 million) from more than 1,400 convenience store ATMs in Japan.

Some might say that local banks are now more aware of potential security threats as their services become digitized, while others might say it is better to have such incidents happen sooner rather than later. However, it cannot be denied that the hacking of First Commercial Bank’s ATMs exposes the vulnerability of the nation’s banking systems to cyberattacks, and highlights the government’s belated awareness of information security.

It also raises the question whether banks are adequately informed about such malicious activities and have taken preventive measures.

As for First Commercial Bank, it has long boasted of its more than 100-year history, which has seen it through the varying stages of the nation’s economic development, and it is averse to conceding that its systems could be so easily penetrated. However, this incident shows the bureaucratic indolence of the state-run bank and its careless management regarding security. It remains a mystery why First Commercial Bank was the only institution targeted among the many banks that use the same Wincor Nixdorf ATM model, barring any assistance from rogue employees.

Nonetheless, the thieves’ success in withdrawing cash without using ATM cards or tampering with the machines on July 9 and July 10 was impressive. Security experts believe First Commercial Bank’s replacement of 34 ATMs earlier this month and a relatively high density of ATMs in Taiwan was a factor, especially because the machines are often well-stocked.

Most importantly, in a worrying sign for the rest of the nation’s banks, First Commercial’s computer system was not able to detect any irregularities because the thieves had found a loophole in the security monitoring platform: They withdrew money, but left no transaction records. They forced the ATMs to dispense money without draining personal bank accounts, which might have set off alarm bells more quickly.

Both regulators and bankers are now looking into other potential instances of such fraud and have vowed to address any concerns over financial security raised by the heist. The Executive Yuan plans to launch a special task force on information and communication security on Aug. 1, despite a lack of information security personnel, actual training and professional equipment in response to increasing cyberattacks.

Comments will be moderated. Keep comments relevant to the article. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned. Final decision will be at the discretion of the Taipei Times.

TOP top