Comm Bank beefs up net banking security

Stuart Corner
Monday, 29 January 2007 06:31

Business IT - Security

The Commonwealth Bank of Australia has moved to beef up security of its Internet banking by distributing - to 30,000 power users of the services - tokens that display a changing code that must be input in order for the user to log on.

The device is small enough to fit on a key ring, according to the Bank, and the code changes every 30 seconds.

The bank described the move as the first phase of a programme to introduce two-factor authentication for all customers. For less intensive users of the system who have a mobile phone SMS authentication will be used. When the customer attempts certain types of transactions the system will deliver a code via SMS which must be entered in order to complete the transaction.

The bank's Internet banking service, Netbank, already has additional safeguards for some transactions. When payment to a new account is first attempted the user must enter the answer to question they have previously lodged with the bank to which only they are likely to know the answer. They are also sent an email message notifying them of such transactions.

All major banks are introducing two factor authentication in the face of increasingly frequent attempts to get access to static passwords by means such as spurious emails, key stroke loggers etc.

In December Marshal's Threat Research and Content Engineering (TRACE) Team reported a threefold increase in phishing emails in the previous week, primarily due to a massive jump in phishing messages being sent from South Korea and China.

Phishing emails increased from 0.4 per cent of total spam in November 24 to represent 2.2 per cent of total spam, the highest level of phishing emails since July 2006, according to TRACE, a tripling of the average phishing email rates over the last six months.