Electronic Safety and Soundness
World Bank Financial Sector Policy Global Dialogue
Shu-Pui LI
Division Head, Banking Development
Hong Kong Monetary Authority
11 September 2003
(http://www.hkma.gov.hk)
Outline
Trends of Security Incidents
Enhancements to Supervisory Framework
International Co-operation
Recent Incidents
Increasing number of fraudulent bank websites
Fake emails purporting to be sent from banks
Highly infectious computer viruses and worms
Identity thefts targeting the weakest link
Suspicious Fraudulent Website
A suspicious bank website: “www.banquedenationale.com”
Case Study - Suspicious Fraudulent Website
In June 2003, the HKMA received over 14 inquiries regarding “Banquedenationale Bank”, which had a website “www.banquedenationale.com” and claimed to be a bank with offices in Hong Kong, New York and London.
Initial investigation:
  offering banking and investment services and claiming to have presence in Hong Kong
  not an authorized institution in Hong Kong
  incomplete Hong Kong address
  logon page without security protection (no SSL)
  website without digital certificate
Case Study - Suspicious Fraudulent Website
Potential violation of Banking Ordinance and a suspicious fraudulent website
Reported to the Hong Kong Police for investigation
Confirmed with the US and UK regulators that “Banquedenationale Bank” was not authorized or did not have a banking license
Issued a press release on 19 June 2003 to alert members of the public in Hong Kong
Case Study - Suspicious Fraudulent Website
Challenges
Cross-border issues
  Domain name was registered with a Canadian internet domain name registration company
  Website appeared to be hosted in Shanghai
  Requested CBRC to assist in the suspension of the website
  Website suspended near the end of June 2003
So far, no residents in Hong Kong have been reported to have any dealings with the entity
What was the aim of the fake bank website?
The website was believed to be aimed at tricking people into disclosing their sensitive personal information. For instance, according to an overseas press report, a clergyman in the UK received an e-mail in April 2003 claiming to be sent from Zimbabwe. It asked for the clergyman’s help to transfer USD 23 million out of Zimbabwe to fund some charity activities.
“Banquedenationale Bank” then e-mailed the clergyman, asking him to fax a copy of his passport and his account number to it in order to effect the fund transfer. The clergyman became suspicious and contacted the UK Police.
Enhancements to Supervisory Framework
Consumer education programme
The HKMA is assisting the banking industry in Hong Kong in launching a multi-channel consumer education programme to promote awareness of e-banking security precautions among the general public.
Issuance of an educational leaflet.
Production of TV episodes and Radio segments
Enhancements to Supervisory Framework
Screening local domain names (“.hk”)
The HKMA has arranged with the Hong Kong Domain Name Registration Company to ensure that only authorized entities (e.g. banks) can register their local internet domain names which contain the word “bank” or any of its derivatives in any language (e.g. banque).
Enhancements to Supervisory Framework
The banking industry in Hong Kong, the HKMA, and the Hong Kong Police Force will develop an incident response mechanism (e-FIRST process) for the banking industry to better handle:
outbreak of viruses - e.g. w32blaster.worm
e-frauds
systemic incidents
Supervisory Control Self-Assessment (CSA)
Assisted the HKMA to prioritise supervisory resources and to have good coverage of all major banks
Rolled out CSA to 40 banks in Hong Kong
Positive feedback received, including:
useful process for bank management to prioritise resources to focus on high risk issues
sharing of benchmarking information and common issues
minimal on-going effort by using automated tools
Supervisory Control Self-Assessment (CSA)
Chart: No. of Control Procedures (CPs) by colour

                           Blue   Red   Yellow   Green
Average of 7 AIs            1.9   3.7      4.3    15.1
AI with Most Green CPs      1     3        3      18
AI with Least Green CPs     3     3        7      12
Bank A                      1     3        3      18
Bank B                      2     3        3      17
Bank C                      1     5        3      16
Bank D                      3     3        4      15
Bank E                      2     4        5      14
Bank F                      1     5        5      14
Bank G                      3     3        7      12
International Co-operations
Cross-border co-operation
In view of the cross-border nature of some e-frauds, the HKMA has suggested that the Electronic Banking Group (EBG) of the Basel Committee on Banking Supervision:
  establish an updated contact list to expedite communication among EBG members for handling cross-border e-banking incidents.
QUESTIONS??