Global Finance recently published their 2015 rankings for the richest countries in the world. Not surprisingly, five out of the wealthiest twelve are located in the Middle East: Bahrain (12), Saudi Arabia (11), the United Arab Emirates (7), Kuwait (5), and Qatar (1).

Of course, this wealth makes the area a target for cybercriminals. In September 2014, Saudi Arabia and the UAE were among the countries attacked by the Vawtrak malware family, while ATMZombie became the first malware to steal money from Israeli banks last November. Kaspersky’s Security Bulletin 2015 saw Lebanon at number 10 among the countries with the highest percentages of attacked online banking users, and it placed the UAE and Qatar among the countries where users face the greatest risk of online infection. Israel and Egypt were classified in the medium-risk group.

So how are the banks in these countries securing their online banking users? The data below, collected from websites of the banks in each country, sheds some light on this question.

From the information available in the public domain, it appears that old-fashioned passwords are still the most popular form of authentication in the region. According to Jaad Tohme from Quantileb in Lebanon, “OTP is still widely used, whereas more recent security measures such as 2FA are not common.” This is reflected in the pervasive use of equally problematic virtual keyboards and challenge questions. While virtual keyboards may be impervious to hardware keylogging (stealing an “imprint” of a user’s credentials as they type them on their keyboard), they are vulnerable to the even more insidious software keylogging. The answers to challenge questions, on the other hand, can be obtained by social engineering or by digging through users’ open personal information on social media.

With attacks that are able to bypass SMS OTP on the increase, using this authentication method to protect online banking users is no longer adequate either. The National Institute of Standards and Technology (NIST) in the United States has stopped advocating its use, and thought leader and group CEO of Doha Bank, Raghavan Seetharaman, is urging banks in the region to catch up: “Traditional security methods such as next-generation firewalls and other reactive measures are losing the fight against a new breed of attacks. Security is now very much about the protection of the application, the enforcement of encryption and the protection of user identity.”

We couldn’t agree more.

Jolette Roodt

WRITER/ANALYST

Entersekt is an innovator of customer-centric fintech solutions. Financial services providers and other enterprises rely on our patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel. With us, they can concentrate on their innovation roadmap, while delivering intuitive, low-friction digital experiences to their customers.