Bad-bots in financial services
These days, some automated financial services are taken for granted; automated telling machines (ATMs) or cash points have been around since the 1960s, internet banking since the 1990s. Few these days write cheques made out to cash or visit banks to make transfers.
Now there is a new wave of automation underway, driven by software robots (or bots), that are changing not just how financial organisations interact with customers but how they deal with each other. Among other things, bots can provide financial advice and carry out trades. Bots are especially good at complex repetitive activities such as producing wealth assessments and gathering the data to populate price comparison sites, for example to show comparative quotes for insurance.
All this automated activity can benefit both banks and their customers, however, there is a down side; criminals are using bots too. In 2017, robbing a bank is much more likely to be perpetrated by a cybercriminal with an army of bots than a mobster with a sawn-oﬀ shotgun. So-called bad-bots are hard at work cracking access credentials, seeking out vulnerabilities in web sites and online applications, obfuscating targeted criminal activity with volume denial-of-service attacks and so on.
The trouble is distinguishing the good-bots from the bad and working out what some of the ones in-between are up to. Credential cracking bots, testing bank accounts for the use are of commonly used passwords need to be blocked, only an organisation’s own vulnerability scanners should be allowed to probe infrastructure, screen-scrapping bots from price comparison sites may be OK, those from unscrupulous competitors not so.
Fortunately, there are now technologies to help sort bots out based on policy. Quocirca’s Ultimate Guide to how bad bots affect financial services is free to download and provides more detail about how bots are operating in financial services and how to let the let the good ones through the stop the bad ones in their tracks. The full list of Quocirca’s Cyber-Security Threat Series on Mitigating Bad Bots can be viewed HERE. These e-books were sponsored by Distil Networks.