Cybersecurity in e-banking: Trust and security in a digitally connected world

The Darknet and “malware as a service”: challenges in a digital age

The Darknet, known for its hidden marketplaces and offers such as “malware as a service”, is an unsettling development. Bank CIC and its IT teams work tirelessly on new defence strategies and constant improvements for the security system. Ongoing research and collaboration with security experts ensure that our technology is always up to date. Providing information to our clients is also an important element so that they can recognise even the most sophisticated phishing attempts.

Fraudulent websites and emails

These days, criminals are able to copy websites and online applications with a high level of precision. “Phishing” is used to simulate a real website and thereby to steal access data unnoticed. It has become difficult to recognise imitations, since solutions are also offered for this on the Darknet. An aesthetically attractive website does not guarantee that it is real. Users are often directed to such websites via fraudulent emails. The domain, for example “cic.ch”, is an important indicator. Therefore, always check the address bar of your browser and avoid suspicious URLs.

The human factor

As a rule, security software is reliable at recognising suspicious domains in the context of phishing. However, new types of fraud often combine various methods of attack, such as phishing emails and phone calls, to intercept two-factor authentication codes such as SMS TANs or codes from authenticator apps. Be cautious: we will never contact you without reason to ask for your two-factor authentication codes or passwords.

AI: progress with double-edged effects

The developments in artificial intelligence (AI), such as in the area of intelligent chatbots, are fascinating, but also carry risks. In particular, AI is now able to create images and text, often of impressively high quality, more quickly and efficiently. However, criminals also now use these progressive tools, for example to perfect their phishing attempts, especially in regard to the quality of the presentation and text. For this reason, users should carefully check the circumstances and context of the email or social media message and always question their legitimacy.

The importance of regular system updates

Regular system updates are a key principle of IT security. We ensure that all systems are always up to date in order to minimise the risk of security breaches. We also encourage our clients to keep their personal devices up to date, since older mobile phones and operating systems in particular are often no longer fully supported with security updates and are thus more susceptible to security vulnerabilities. For us, the data security of our clients is paramount. We must therefore gradually phase out access to CIC eLounge from older devices and operating systems. At the same time, we recommend always keeping smartphones, tablets and computers, as well as the software they use, up to date.

Passwords: a false sense of security

Using the same password for years, especially on different websites, entails major risks. Even passwords that at first glance seem complex can be cracked with today’s computing capabilities. For this reason, you should use strong passwords that include special characters, and avoid easily guessable information such as birthdays or names of loved ones. One good method is to use easy-to-remember sentences and make a strong password out of them that includes special characters and punctuation. A password safe can help you securely save a large number of different passwords.

The mobile device and two-factor authentication: reliable guards

Modern mobile devices with functions such as a fingerprint scanner and facial recognition set new security standards. Two-factor authentication offers additional protection. With this method, a second security factor is requested in addition to your user name and password. One of the first reliable solutions still in use to this day is the SMS TAN, which is sent to the personal phone number of the user. Another option is to have the TAN sent by phone call. More reliable solutions are now available. These include authentication apps, which are connected with the corresponding service and provide constantly changing TANs, and push notifications, such as the one that is used in CIC eLounge. Of course, these methods are only fully effective if access to the mobile device itself is also protected by passwords or biometric methods such as facial recognition or a fingerprint scan.

Our contribution to your security

We continuously invest in the latest security standards and actively monitor threats so that we can take appropriate measures. We train our employees on a regular basis in conjunction with the EBAS platform “eBanking – aber sicher!” (ebanking – securely, of course) provided by the Lucerne University of Applied Sciences and keep our systems up to date. You can find further information and lots of tips at ebas.ch.

In summary: your contribution to security

• Use two-factor authentication only if you want to log in.
• Use strong passwords and save them securely, ideally in a local password safe.
• Protect your smartphone and update the operating system regularly.
• Be wary if you are contacted regarding access data and never let yourself be intimidated or put under pressure.

Cooperation is the key for secure e-banking. Stay alert and do not hesitate to contact us if you have any questions or concerns.