Welcome to the RaboDirect Blog!

Join in the conversation...

Just when we thought it was safe to go back online!

17 January, 2008

I know I talk a lot about online banking security, but it really is a growing issue for many Australians, especially those still using username-and-password-only security.


Internet security firm F-Secure has warned of an upsurge in attacks against banking sites, targeting personal user data. As reported in Computer World this week, these attacks use a new generation of malicious code in a technique called “Man in the Browser” (MITB).


“Man in the Browser” attacks are activated when a user visits his bank's site and malicious code is triggered. Alarmingly, this malware is capable of retrieving information such as logins and passwords, which the cyber-criminals then use themselves or resell to others.


Interestingly, where phishing is the spray-gun approach, hoping to catch a few customers in the scam, “Man in the Browser” attacks are very targeted and therefore much harder to defend against with basic security systems.


A few online commentators have useful content on this issue. Sue Walsh’s blog, http://www.igotspam.com/, is a good resource for keeping up to date on online security issues, updates, etc., wider than just banking.


Philipp Gühring is quite an authority on this matter and has been writing about this type of attack since 2006. For the more technical among you, this paper by Philipp in January this year goes into more detail.


The Australian online banking industry is very mature with more of us conducting our banking online than many of our international neighbours. As a result, the banking industry is working hard to keep up with all the scams online to protect customers, as are the software giants, such as Microsoft with their developer forums alive with debate and solutions.


RaboPlus is doing everything to protect its customers by giving every customer a Digipass, one of the safest methods of online banking. However, we won’t rest on our laurels: the fight with hackers is becoming a serious international issue, and not just in the banking sector.


How we are collectively going to seek out and deal with these highly sophisticated criminals is also an issue for government and the law, as well as the banking industry.


This YouTube video shows you how easy it is for hackers to steal from an everyday ATM, let alone when they get inside your computer.


Discussions

Daniel Goon (Sydney, Australia) | 21/01/2008 01:26
Dear Bryan, I was going to take up your invite to ask you a question, but could not find a link that allows me to do that. Therefore, I am using this comment section related to the posting "Just When We Thought ...". My question is: Can you email or mail to me a copy of the Standard & Poors rating sheet that gives RaboPlus a Triple A rating? Thanks & regards, Daniel Goon.
Bryan Inch | 23/01/2008 12:53
Hi Daniel, you're right, the comment section is the right section to use if you want to ask me a question or if you simply wish to comment on a topic. Rabobank Australia Limited, the issuer of RaboPlus, has a AAA rating from S & P. You can view credit ratings lists on Standard & Poor's site http://www2.standardandpoors.com/. To view a list of Australian bank credit ratings select Australia from the country list then go to ratings > financial institutions > credit ratings list. I hope this helps.
JOHN CANDIDO (Melbourne) | 02/01/2008 03:21
I was wondering if any other customer of Raboplus has encountered problems with accessing your pop-up on a regular basis? I have been very frustrated over the last year by this problem and I don't know how to get around it. I have rung the customer service centre more than ten times over the last year and I have gone back to my computer to make all of the suggested adjustments to my computer's settings without success. I have registered the Raboplus web site as a 'Trusted' site with my operating system as well as allowed all pop-ups from the website to be allowed. Has anybody with a Raboplus account had similar problems with accessing the pop-up as well? Thanks.
corinne paterson (Newcastle) | 02/04/2008 02:16
You might want to recheck that You Tube video posting again. On the last portion of the clip it says 'Please visit Laughvideo.tk for more hilarious videos & movies'.
Bryan Inch (Sydney) | 02/07/2008 11:01
Thanks for your comment John. I am aware our Customer Contact Centre has had a conversation with you about trying to resolve this issue. I understand this issue is most likely related to a local pc problem, either a connection or some conflicting software on your computer. Raboplus does very intensive testing of the website with different browsers (including Internet Explorer 6 and 7, Firefox 2.0, different operating systems Windows XP and Apple Macintosh). We even try different combinations with the most common pop-up blockers (including Google, Microsoft, Yahoo, Norton) and virus scanners (including Norton and AVG). Computers are very complex systems and although our testing is very intensive it is impossible to test all possible combinations and settings that a user can change. There will always be certain situations that will prevent the correct functioning of the website which are beyond our control. We really strive to operate a user friendly site so I welcome any comments about the site people may have. Cheers Bryan
Bryan Inch (Sydney) | 02/07/2008 11:05
Thanks Corinne for pointing that out, it appears to be an ad on the You Tube showreel from the postee. I guess it doesn’t take away from the content of how the ATM is hacked which is what I was wanting to show. Just how easy it is to get scammed. It certainly isn’t hilarious in my view.
noel Smith | 02/05/2008 10:45
Interesting to find that you don't have a general comments input even though you ask for it. Replying via other comments seems strange, RESOP ratings I followed the link to their page and they want to sell their standard definitions. For years now I haven't been able to understand the ratings, they are so weird and they differ between rating organisations. All this AAA+ etc where BB- seems to be sub-prime, another misleading term. What's the matter with A,B,C,D and FAIL just like at school NB when I sorted the list on their web page Rabobank is half way down the 5th page and listed as AA/Stable/A-1+ what gobbledygook. NAB ANZ AMP and lots more are on higher pages.
Bryan Inch (Sydney) | 02/11/2008 02:38
A general comments section is something we are looking to implement very soon, thanks for pointing that out though Noel. You’re right in saying that Rabobank Australia is a fair way down the list (I think it’s on the 9th page) but this is because the list is in alphabetical order and is not ranked by credit ratings. I have just double checked the Standard and Poors ratings list and Rabobank Australia is listed with AAA credit rating so I’m not sure where you saw the AA. The ASX website has more information on credit ratings at http://www.asx.com.au/investor/irs/news/credit_ratings.htm.
Ashley (Sydney) | 02/11/2008 01:27
Hi Bryan, just a quick note on security. I have to say the digipass system is a real pain. It means I can't access my account from different locations unless I carry the digipass around with me, which is impractical. If I had to value the inconvenience, I would say it's somewhere between 0.1 and 0.2% in interest terms. In other words, I would switch to another online savings account that offered an interest rate 0.1% lower than RaboPlus just for the added convenience of being able to access my funds whenever and wherever I happen to be near a computer. RaboPlus has consistently had the highest interest rates but it is coming back to the field due to its failure to pass on the full rate rise most recently and I am inclined to shift my funds now as a result. I suspect you will tell me that RaboPlus considers the security of funds to be paramount, hence the unwieldy system, but there is no doubting it is over-the-top and gives up too much in convenience for the sake of security. Ashley
mike | 13/02/2008 11:11
Hi Bryan, This observation is certainly linked to security, but also has a wider implication, I believe, impacting customer satisfaction. I opened my account with you a few days ago, and found that funds had been transferred to you from my linked account before I had received any notification that the account was opened, or any account or access details had been communicated to me. While I appreciate that my money is already working for me, the hiatus between you receiving the funds, and me being engaged as a customer is not a positive experience. After all, at this stage of the relationship, it's up to you to build the trust. At this time, when everyone in the finance and marketing communities is focussed on the imbalance between 'promise' and 'delivery' - note the new CBA ad campaign on which I'd love to hear your thoughts - the notion that a financial institution should 'take from' before it 'gives back', is an interesting one.
Bryan Inch (Sydney) | 15/02/2008 07:28
Thank you for your thoughts about the Digipass. You’ve hit the nail on the head that the security of your money is a top priority at RaboPlus, but I understand people will all have differing priorities. It’s interesting that in a recent online customer survey conducted by an independent agency for RaboPlus, 88% of customers considered the Digipass offers safe online banking and 82% said it was easy to use. Our average customer’s investment is quite substantial, so I imagine that on the whole, they appreciate the extra security the Digipass offers, even though a few may find it a bit inconvenient. But we can always improve, and I’ve taken your comments on board to consider future improvements to the convenience factor. In terms of the recent interest rate rise, RaboPlus has now increased rates by 25 basis points, consistent with the Reserve Bank increase. However, it should be noted that while we aim to deliver consistently high rates on our deposit products, we don’t price directly against the cash rate and in the future, interest rate movements, whether up or down, will not always be consistent with the Reserve Bank movements.
Bryan Inch (Sydney) | 22/02/2008 09:02
Thanks for your comments Mike. This actually comes as a bit of a surprise to me, because it's detailed on our online application form. In the section where you entered your linked account details, it also asked you to enter an opening deposit amount (minimum $1) - it states that we will debit the opening deposit from your linked account when we receive and check your signed documents. It's also one of the points covered in the account opening checklist which accompanies your application form, under the "what happens next?" section. It happens in that order so that the direct debit link between your other bank account and your RaboPlus account is set up as soon as we activate your account - so you can transfer your money in and out straight away. As soon as the account is activated, we send you a welcome letter in the mail. But I am happy to take your feedback to our operations team and ask if we can make the steps any clearer during the application process. I have seen the new CBA campaign and no matter what you think of the TV ad creative, the 'determined to be different' promise is certainly a big one. I'm sure the proof will be in the pudding for their customers - we'll see how it bakes over time.
Software companies UK (http://www.geeks.ltd.uk/) | 15/01/2010 02:27
Nice post, Username and password security is a lot safer than none at all though, Thanks