e-banking & security
What are our customers’ expectations
What should be our security expectations
What are the challenges
e-banking
• Refers to financial services (which could be transactional, enquiry or payment services) provided to personal or business customers and delivered over the internet, wireless networks, automatic teller machines (ATMs), fixed telephone networks or other electronic terminals or devices *
• Internet banking, on the other hand, refers to financial services delivered over the internet to customer devices including personal computers (including desktop computers, laptop computers and notebook computers), mobile devices such as smart phones or tablet computers, or other devices
• * HKMA risk management of E-Banking 02.09.2015
What are our customers’ expectations
• Convenience
• Pricing for the services
• Intuitive experience
• Options/range of products
• Any time access
• Payment mode
• Data is collected and used as reported
• Data is safe and secure throughout its lifecycle
• System/Service is sustainable
• Safety against cyber criminals & bad guys
• Compliance with regulations
What are the business’s security expectations
• Align to business goals and be an enabler
• Assist in meeting regulatory/compliance obligations
• Defend against potential threats, exploits
• Assess and communicate potential risk to the management
What are the challenges
• Highly Dynamic
• Security is not considered as a core function
• Too many changes and minimal possible downtime
• Highly demanding business environment
• Trust is key consideration
• Confidentiality | Integrity | Client side | Communication Challenge
• Trust is dynamic
• Cyber security – by 2020, 60% of digital business will suffer major digital risk
What’s our digital landscape
• 15 million + Unique visitors per month
• 60% of which are from mobile devices
• Multibillion $ payment transactions using various payment options
• 10 million plus product
Attack vector and elements
1. Initial reconnaissance
2. Initial compromise
3. Establish foothold
4. Escalate privileges
5. Internal reconnaissance
6. Complete mission
• Initial compromise
• Credential harvesting
• Lateral movement
• Remote access
• Data exfiltration
Attack vector
• Web server shell
• Spear vishing
• SQL injection
• Social engineering
