Submitted on 14/01/2008 15:40
I can’t leave this subject alone, but online banking security is really a serious industry issue, not only with money being taken from customers’ accounts, but also their identities.
Over the break I read Alex Zaharov-Reutt’s report from iTWire, “Are banks doing enough to keep their customers safe and secure?”
Zaharov-Reutt argues that with the massive boom worldwide of online banking, banks have started to roll out more sophisticated security such as two-factor authentication, but only to a minority of customers. He points out that the US was the first country to recognize that Government is important in pushing financial institutions to introduce better security. It’s not just the customer’s computer security that’s the issue, but also the bank’s own network security.
I have discussed the vulnerabilities of online banking and mobile banking of late, and the problem is further compounded by three parts: the bank’s own security, the customer’s own protection of their records and computer security, and the last and evil part, the Hacker. It is getting to a point where it may be difficult for a bank to protect the customer’s basic details.
I am glad to say that the Digipass system RaboPlus offers is still considered one of the most secure online banking systems available to retail customers.
I have compiled a list of the current issues out there; if you know of any more, add to them!
1. Man in the Browser
2. Man in the Middle
3. Phishing
4. Hoax Emails and Fraudulent websites
5. Browser Hijackers
6. Spyware
7. Pop Ads - Adware
8. Vishing – fraudulent phone calls and numbers
9. Smishing: Mobile Banking Security – Brendan McGee posted this great discussion on mobile banking security in October. “Discussion about Mobile Banking Security at a Feverish Pitch”
So another one to add to the list!
10. The Pinch
Brian Krebs of the Washington Post has focused on this issue by warning of a new class of malicious software that is specifically designed to counter the security technology of Bank of America and others that allow customers to change their account details online.
The new version of a trojan called ‘Pinch’ also looks to pinch the special token that gets planted on the machine of anyone who banks online using ‘Adaptive Authentication’, a web site security technology often called ‘Site Key’, which is owned by RSA Security.
F-Secure says the guys behind the Pinch Trojan are from Russia and it is available in Russian or English.
This issue is not going away and it’s one we all need to work against.
Please share any scams you know about on my blog so we can all be extra diligent and report anything suspicious.