Malicious mobile applications are the main threat to the security of financial services in the country, says the CEO of KASHEF, the company in charge of the safety and security of banking services.
"Mobile applications downloaded from unauthorized websites account for the major part of financial cybercrime, as reported by the police and judiciary…These applications unlawfully get information about user identity and their bank accounts, including the one-time-password," Ali Akbar Kazeminia told IBENA.
KASHEF is focused on raising public awareness about cybercrime means and practices by creating videos to be shown via the media. It is planning to develop a digital signature for financial applications in collaboration with major app development companies to help users make sure about the authenticity of the application they download, the Kazeminia said.
Elaborating on the company's performance, he said, "By employing artificial intelligence solutions and analyzing user behavior we managed to create an effective mechanism for detecting suspicious transactions."
"The results are regularly sent to the Central Bank of Iran for action."
With the above-mentioned mechanism “we found 29,000 cases of abusing bank cards in online betting websites in eight months and almost 330,000 people involved in online betting," he said.
Casinos and gambling are banned in Iran since 1979.
Some 40,000 cases of phishing websites were also detected in the past two years, all of which were automatically blocked.
The CBI has been collaborating with relevant authorities to curb digital crime. Last year to curb cybercrime related to debit card fraud and improve the security of rapidly growing online banking, it ordered banks to offer OTP service to protect the IDs and accounts of clients.
Later it was reported that the measure resulted in a significant drop in phishing and exposure of sensitive information about bank accounts. The number of phishing cases recorded an annual increase of 400% months before implementation of the one-time-password.
Back in 2012, the Money and Credit Council required the CBI to establish KASHEF (the Persian abbreviation equivalent to banking emergencies and network security control to protect payment systems), enhance electronic banking security and deal with internal and external threats to the banking system sooner rather than later.
“The issue of improving security of banks and financial institutions cannot be conducted by a single entity. All stakeholders, namely banks, the central bank, payment service providers and other relevant bodies need to play their role to achieve the desired result,” he said.
KASHEF has developed various platforms including SARABAN (the strategic system for the security of banks’ information), RADAR (the system for instant monitoring of events) and SARAMAD (a platform that allows the judiciary to block bank accounts) to underpin the support for financial institutions against cyber threats.
Kazeminia said the banking sector has been successful in protecting electronic platforms despite the US sanctions and other constraints. “No one can claim that an electronic platform is 100% secure.”
He added that his company is working on a central platform which allows the CBI to monitor, evaluate and rank banks’ internal platforms.
“These efforts, among other things, are expected to strengthen the ability and resilience of the banking industry against cybercrime.”
