Fuzzy Logic
Online banking, transactions and security – how safe are we really?
by Alex Zaharov-Reutt
Sunday, 02 December 2007
Page 2 of 4

As it currently stands, banks and most online stores today only protect the account holder or the customer up to the front door of their computer. In addition, banks have specifically enticed customers to utilise online banking and access their online accounts anywhere they may be in the world at virtually any time. Naturally, this has driven efficiencies and profit gains for all banking organisations.
The US was one of the first countries to recognise that the banking industry is only going to move on taking online security seriously when put under pressure by Government, and then really only once the US Government released the FFIEC banking guidelines, which meant banks needed to provide more than one factor for ‘authenticating customers’. US banks were given a deadline of December 2006 to increase the security of their Internet banking sites.

However, as can be expected in a world of ever-changing security issues and challenges, alongside the ever-growing bottom-line cost of security, US and global banks have failed to adequately address the issues and have mainly done as little as they had to in order to satisfy the heightened security requirements. As an example, virtually no major US bank has issued hardware tokens or implemented SMS security for their customers, with noted security journalist Brian Krebs of The Washington Post discussing this in great detail in his blog.

The banking industry has gone through virtually all the different types of security issues around today, starting from simple phishing attacks (which are still successful, believe it or not!), internal fraud, cross-site scripting vulnerabilities, denial-of-service attacks, very targeted malware, large-scale malware (such as mpack + torpig) and even sophisticated attacks against hardware two-factor authentication. Banks have done only as much as they had to, to protect their pristine and ‘safe as money in the bank’ image.

Joining the long list is now a study from the Queensland University of Technology (QUT), linked above, which stated that “Using SMS passwords won’t protect people from internet banking fraud”, and that 61% of the users were successfully duped in a stealthy attack performed during the study. Were this study done with a computer-illiterate group, the figure would more likely be 99%.
For any bank using SMS authentication or thinking of rolling it out soon, this latest study is bad news indeed. But is this latest attack on banking security really news? Not if you’ve been listening to what security experts such as Professor Bill Caelli from Australia’s QUT, Graham Ingram, the General Manager of AusCERT, or Andreas Baumhof from TrustDefender have been saying. To start with, it’s foolish to believe that one particular technology will solve all problems.

So, what is the solution? Please read on to page 3 for more...







