Chapter 5: Internet Banking Risk and Security (lecture slides)

Chapter 5: Internet Banking Risk and Security
Section 1: Risks of Internet Banking
Section 2: Risk Management in Internet Banking
Section 3: Internet Banking Security

Section 1: Risks of Internet Banking
I. Risks faced by traditional commercial banks
II. Risks faced by internet banks
III. The Basel Committee on Banking Supervision's interpretation of internet banking risk

I. Risks faced by traditional commercial banks
1. The external character of the risks faced by commercial banks
2. Classification of traditional commercial bank risks: credit risk, country risk and transfer risk, market risk, interest rate risk, liquidity risk, operational risk, legal risk, reputational risk (Basel Committee on Banking Supervision).

The subprime crisis and bank risk
As of 31 March 2008, IMB had total assets of USD 32 billion and deposits of USD 19 billion. With house prices falling and the number of mortgage defaults rising, IMB recorded losses of USD 900 million. The FDIC estimated the cost of taking over IMB at between USD 4 billion and USD 8 billion, possibly the most expensive bank takeover in its history.
Customers of the California bank IndyMac Bank (IMB) withdrew a total of USD 1.3 billion in the 11 days from the end of June 2008, and the bank collapsed as a result. It was the largest savings and loan institution ever to fail under US government supervision, and the second-largest financial institution failure in US history. According to FDIC data, IMB was the second-largest bank failure in US history, after Continental Illinois National Bank, which failed in 1984 with assets of nearly USD 40 billion.

II. Risks faced by internet banks
The risk amplification effects of internet banking:
1. Amplification of the money multiplier
2. Amplification of the velocity of money
3. Amplification of risk
The main risks faced by internet banks: strategic risk; market signal risk; operational risk; reputational risk; legal risk; credit risk; liquidity risk; market risk; foreign exchange risk; the cross-border issues of internet banking.

III. The Basel Committee on Banking Supervision's interpretation of internet banking risk
RISK MANAGEMENT FOR ELECTRONIC BANKING AND ELECTRONIC MONEY ACTIVITIES, Basle Committee on Banking Supervision, Basle, March 1998, http://www.bis.org/publ/bcbs35.htm

Because of rapid changes in information technology, no list of risks can be exhaustive. The intention in this document is to describe a broad, representative set of risks as a basis for designing general guidance for risk management.

At this stage, it would appear that operational risk, reputational risk, and legal risk may be the most important risk categories for most electronic banking and electronic money activities, especially for diversified international banks. Some of the specific problems cut across risk categories. For example, a breach of security allowing unauthorised access to customer information can be classified as an operational risk, but such an event also exposes the bank to legal risk and reputational risk.

2.1. Operational risk
Operational risk arises from the potential for loss due to significant deficiencies in system reliability or integrity. Security considerations are paramount, as banks may be subject to external or internal attacks on their systems or products. Operational risk can also arise from customer misuse, and from inadequately designed or implemented electronic banking and electronic money systems. Many of the specific possible manifestations of these risks apply to both electronic banking and electronic money.

2.1.1 Security risks
Operational risk arises with respect to the controls over access to a bank's critical accounting and risk management systems, information that it communicates with other parties and, in the case of electronic money, measures the bank uses to deter and detect counterfeiting. A variety of specific access and authentication problems could occur. For example, inadequate controls could result in a successful attack by hackers operating via the Internet, who could access, retrieve, and use confidential customer information. In the absence of adequate controls, an outside third party could access a bank's computer system and inject a virus into it. In addition to external attacks on electronic money and electronic banking systems, banks are exposed to operational risk with respect to employee fraud: employees could surreptitiously acquire authentication data in order to access customer accounts, or steal stored value cards. Inadvertent errors by employees may also compromise a bank's systems.

2.1.2 Systems design, implementation, and maintenance
A bank faces the risk that the systems it chooses are not well designed or implemented.

2.1.3 Customer misuse of products and services
As with traditional banking services, customer misuse, both intentional and inadvertent, is another source of operational risk.

Operational risk case: hacker steals the data of 400 depositors and RMB 40,000, and is sentenced
Setting up a QQ group to "humbly" ask for professional knowledge: Zhang Peng lived in the Chengdu urban area and Wang Baocheng in Yushe County, Shanxi. The two met online. Besides exchanging "hacker" knowledge, they used QQ groups to ask other users about banking and about how to crack depositors' passwords.
Infiltrating the intranet and "selectively" forging documents: In July 2007, Zhang Peng used network techniques to break into the internal website of a bank in this province and intercepted an electronic document recording the details of more than 400 depositors, including Zhou, Yin and Yang. The document contained depositors' ID card numbers, bank card numbers and mobile phone numbers. Zhang Peng immediately sent the depositor information to Wang Baocheng in distant Shanxi.
Wang Baocheng then took the digits of the depositors' ID card numbers and phone numbers and, through the online banking system, cracked depositors' passwords by repeated trial and guessing. He quickly guessed the bank card passwords of more than 10 depositors and reported them back to Zhang Peng. Using his own photo and the names of depositors Zhou, Yin and Yang, Zhang Peng forged three temporary ID cards.
Repeated "guerrilla" thefts of RMB 40,000 in deposits: On 25 July 2007, Zhang Peng took the "Zhou" temporary ID card to a bank branch in Luzhou and reported the bank card lost. With the forged temporary ID he then obtained a replacement card. He then withdrew RMB 7,000 in cash from Zhou's deposits at an ATM of a bank in Luzhou. In less than a month, Zhang Peng had stolen the deposits of four depositors, totalling RMB 40,000.
As depositors' savings mysteriously disappeared, police in several places received reports. From the ATMs, police gradually pieced together the traces Zhang Peng left when withdrawing cash. On 22 October 2007, Zhang Peng was placed in criminal detention by the provincial Public Security Department. Police travelled to Shanxi and arrested Wang Baocheng. The provincial procuratorate approved the arrest of both on suspicion of credit card fraud, and the case was handed to the High-tech Zone Procuratorate for prosecution.
The court held that Zhang Peng and Wang Baocheng had stolen depositors' savings with premeditation, and that this had no direct relation to the bank's supervision. For credit card fraud, Zhang Peng was sentenced to three years' imprisonment and Wang Baocheng to one year, and the proceeds were recovered.
Steps of the crime: break into the bank's internal website; intercept depositor information; crack depositors' passwords; forge temporary ID cards; report bank cards lost; obtain replacement cards; withdraw cash at ATMs.
Question: The court held that the case "had no direct relation to the bank's supervision". Is that right?

Case comparison: depositor's savings stolen through a Trojan intrusion; bank ordered to pay full compensation
Process: At the end of 2006, Fuzhou resident Yao found that only RMB 400 remained in his account at the Guang'an sub-branch of China Construction Bank in Fuzhou, which had held RMB 67,000. Police investigation found that the suspect had used a "Trojan" program to intrude into an internet website server and steal the ID card numbers, bank account numbers and passwords of a number of online banking customers, including Yao. Using this information he forged the victim's ID card and a Dragon Card savings card with a damaged magnetic stripe, and took the fake ID card and savings card to the Lianjiang sub-branch of CCB to withdraw Yao's deposits. After the suspect filled in a "special business application form" requesting a card replacement, staff at the Lianjiang sub-branch issued him a genuine card. The suspect then used the card to withdraw the RMB 67,000 in Yao's current savings account.
Result: The Fuzhou Intermediate People's Court of Fujian Province recently ruled on final appeal that, where a suspect used a "Trojan" program to intrude into an internet website server, stole online banking customers' ID card numbers, bank accounts and passwords, and used this information to obtain a card and steal the depositor's savings, the bank must bear full liability for compensation.
Source: Yangtse Evening Post, 4 May 2009

2.2. Reputational risk
Reputational risk is the risk of significant negative public opinion that results in a critical loss of funding or customers. Reputational risk may involve actions that create a lasting negative public image of overall bank operations, such that the bank's ability to establish and maintain customer relationships is signific
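The password-cracking step in the Zhang/Wang case succeeded because the online banking system accepted unlimited trials and the PINs could be read off the stolen ID and phone numbers. As an added example, not from the slides or the case file, the Python below shows two controls a bank could apply: rejecting a PIN that appears in the customer's own ID or phone digits, and replaying login audit lines to lock hammered accounts and flag a source spraying guesses across accounts. The log format, thresholds, account identifiers, addresses and ID data are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5        # failed logins per account inside WINDOW -> lock the account
WINDOW = timedelta(minutes=10)
SPRAY_MIN_ACCOUNTS = 3       # one source failing against this many accounts -> flag the source

def is_guessable_pin(pin, id_number, phone):
    """Reject a 6-digit PIN that can be read off the customer's ID number or phone
    number (the fields the attackers held): e.g. the YYMMDD birthdate embedded in an
    18-digit ID, or the last six digits of the phone."""
    return len(pin) == 6 and pin.isdigit() and (pin in id_number or pin in phone)

def parse_line(line):
    """Parse one constructed audit line: '<date> <time> acct=<n> src=<ip> result=<OK|FAIL>'."""
    date, time, acct, src, result = line.split()
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return ts, acct.split("=")[1], src.split("=")[1], result.endswith("OK")

def detect_guessing(lines):
    """Replay login audit lines in order; return (accounts to lock, sources that
    sprayed guesses across many accounts)."""
    fails = defaultdict(list)    # account -> failure timestamps still inside WINDOW
    touched = defaultdict(set)   # source  -> accounts it failed against
    locked = set()
    for ts, acct, src, ok in map(parse_line, lines):
        if ok:
            continue
        fails[acct] = [t for t in fails[acct] if ts - t <= WINDOW] + [ts]
        touched[src].add(acct)
        if len(fails[acct]) >= LOCKOUT_THRESHOLD:
            locked.add(acct)
    spraying = {s for s, accts in touched.items() if len(accts) >= SPRAY_MIN_ACCOUNTS}
    return locked, spraying

# Constructed sample: one source hammering account A1 and probing A2/A3, plus a
# customer on A4 who mistypes twice. Accounts and addresses are made up.
SAMPLE_LOG = [
    "2007-07-20 10:00:01 acct=A1 src=10.0.0.5 result=FAIL",
    "2007-07-20 10:00:03 acct=A1 src=10.0.0.5 result=FAIL",
    "2007-07-20 10:00:05 acct=A1 src=10.0.0.5 result=FAIL",
    "2007-07-20 10:00:07 acct=A1 src=10.0.0.5 result=FAIL",
    "2007-07-20 10:00:09 acct=A1 src=10.0.0.5 result=FAIL",
    "2007-07-20 10:00:11 acct=A2 src=10.0.0.5 result=FAIL",
    "2007-07-20 10:00:13 acct=A3 src=10.0.0.5 result=FAIL",
    "2007-07-20 10:05:00 acct=A4 src=10.0.0.9 result=FAIL",
    "2007-07-20 10:05:20 acct=A4 src=10.0.0.9 result=FAIL",
    "2007-07-20 10:05:40 acct=A4 src=10.0.0.9 result=OK",
]
```

Calling detect_guessing(SAMPLE_LOG) locks only A1 and flags only 10.0.0.5; the legitimate customer on A4 is left alone because two failures stay under the threshold.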



