Fuzzy Logic
Online banking, transactions and security – how safe are we really?
by Alex Zaharov-Reutt
Sunday, 02 December 2007

Page 3 of 4

Believing one technology can solve all problems is like believing in a silver bullet solution – and in the real world where things are constantly changing, especially when it comes to security, a different approach is required.

Every Internet banking session takes place between the bank’s backend system (1) and the user’s computer (2), over a public internet link (3). Perhaps banks should start protecting these key components, and while they are at it, should provide security and reliability measures in the following adjacent areas: the backend systems, transaction monitoring, encryption, identity/authentication, the network, consumers’ computers, and user education.

An effective security solution has security components for all these different parts of the system. If a bank misses just one part, the whole security chain can be compromised, just as a chain will fail if even one link breaks.

Now don’t get me wrong – banks worldwide are doing something – they’re just not doing enough from my point of view. Most banks provide adequate protection for their backend systems by using firewalls and other technologies. Some banks (but far from all!) are using transaction monitoring (e.g. ANZ in Australia use their Falcon System, while CBA, also in Australia, use a system called Hawkeye). While everybody uses encryption, the Identity Protection Programs in use by different banks vary heavily.

But what about the network itself? Virtually no bank is protecting the network, as most just use the public Internet to connect their customers to the banking IT infrastructure.

Last but not least, nothing is done by the banks for the consumer’s computer, where rootkits, spyware, Trojans and botnets reside, opening up a massive security hole that online criminals are learning to exploit faster than security experts can plug the holes and issue patches.

Given the gaps, security can collapse like a house of cards – and if you believe the well-documented reports from various security researchers around the world, this is where hackers are going to break into the banks and all existing security measures will fail.

Don’t believe me? Try googling for torpig, sinowal, anserin, mpack, gozi, 76service and storm worm, just to name a few, and see what you find. You may find yourself shocked!

So, what’s the banking industry’s typical response? We usually hear that online fraud is relatively small compared to other types of fraud. While this is relatively easy to say if you hide the real figures very carefully, the truth is that online fraud is exploding.

So, what can we do about it? Please read on to page 4 for the answer...







