Alex Zaharov-Reutt
Sunday, 02 December 2007 15:41
Opinion and Analysis
Page 1 of 4
As online criminals and hackers develop ever more sophisticated
Trojans, spyware, botnets and attack vectors, are the banks, online
stores, social networking sites and others really doing enough to keep
their customers safe and secure?
In today’s modern world, an 18 year old teenager sitting in his bedroom in New Zealand can be the ringleader of an online criminal gang responsible for creating botnets, installing spyware on consumers PCs and skimming millions of dollars from bank account holders worldwide.
That 18 year old has been caught, the result of a global sting against growing numbers of online criminals and an explosion in online crime.
Are online stores, credit card companies and banks doing enough to ensure our online transactions are secure and our confidential details safe? What about the ever more popular social networking sites who are people targeted by online criminals who aim to steal confidential details that people may also use when accessing their bank accounts?
Online Banking security is only part of the problem, we need to change the mindset of banks, business and consumers in general.
On a relatively regular basis, concerns about online security in general and online banking fraud hit the news. The latest is the aforementioned 18 year old NZ teenager, but only a couple of weeks ago, the Queensland University of Technology (QUT) published a study on hackers being able to
“infiltrate SMS banking passwords”.
Another article from News.com asks
“Is Bank of America lying to its customers?”
Online banking has had a massive boom worldwide, as consumers rapidly took up Internet connections for their computers. Millions of new online users meant that banks needed to upgrade their systems, and forced them to implement better security systems that look for fraud in real time, and investigate technologies such as two factor authentication.
Again in most cases banks have only actually rolled out this extra level of security to only a small percentage of their overall customer base, due to the inconvenience to customers and the added cost to banks.
Two factor authentication is achieved by using keychain sized number generators synched with the banks systems, containing an ever changing code that must be entered along with your username and password, or by sending an SMS message to your phone containing a code that must be entered into your online banking login to proceed to your online accounts.
Unfortunately if your computer has already been compromised by crimeware then the extra security provided via your phone SMS token or key chain token is now irrelevant. In a world of crimeware that includes Trojans, spyware and botnets lurking unsuspected on consumers’ computers worldwide, becoming ever more sophisticated, what are the banks really doing about it? After all, it's obvious that the weakness lies in the consumer's PC, not in the bank's heavily fortified back end - that is still clearly being compromised!
So, what do banks and online stores do today when it comes to security, and what should be done instead? Please read onto page 2 to continue...
