23 September 2017
Stephen Wilson

Stephen Wilson - Lockstep Group

A post relating to this item from Finextra:

ING Direct offers US customers free anti-fraud software

23 May 2008  |  11067 views  |  0
ING Direct, the direct banking business of Dutch group ING, is offering US customers free anti-phishing software from Internet security outfit Trusteer.

What about offering a phishing-proof interface?

23 May 2008  |  3850 views  |  0

How is it that we have all forgotten that an ounce of prevention is worth a pound of cure? Giving away anti-phishing software is shutting the stable door after the horse has bolted. 

Phishing and pharming are enabled by the fact that conventional client-to-website connections pay no attention to the integrity of the target site. A phisher sends out a million invitations by e-mail to click on a link, and some proportion of people inevitably do so -- but their browsers aren't configured to tell the difference between a real site and a fake. Or, punters are diverted to a pharming site -- totally bogus but cut-and-pasted from the real McCoy -- and just because it looks right, or because a padlock pops up, they trust it.

With just a little more effort, we could establish secure e-mail between banks and customers (probably web mail would be best) using EMV smartcards and the like to carry the keys. Cards should carry not only the private keys of the customers that establish their legitimacy, but also the 'master' public keys of the bank. So, when you seem to have received an e-mail from the bank, your card can double-check its authenticity. And when you're trying to visit the bank site, instead of typing in URLs or clicking on links, the session can be established using a bona fide key retrieved from the bank's own chip card.
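The card-side check described above, sketched as an added example that is not part of the original post: a card holding the bank's master public key accepts only mail and site keys that the master key vouches for. Ed25519, the use of a bare signature as the site-key certificate, and every name in the code are assumptions.

```go
// Added illustration, not code from the original post. All names are
// hypothetical; Ed25519 is an assumed stand-in for the card's signature scheme.
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Card holds the bank's master public key, loaded at issuance, not from a link.
type Card struct{ bankMaster ed25519.PublicKey }

// MailAuthentic reports whether the bank key on the card signed this message.
func (c Card) MailAuthentic(body, sig []byte) bool {
	return ed25519.Verify(c.bankMaster, body, sig)
}

// SiteKeyGenuine reports whether the master key certified a site's session key.
func (c Card) SiteKeyGenuine(siteKey ed25519.PublicKey, cert []byte) bool {
	return ed25519.Verify(c.bankMaster, siteKey, cert)
}

func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(fmt.Errorf("key generation: %w", err))
	}
	return pub, priv
}

// Scenario runs constructed keys and messages past the card. Verdicts, in
// order: genuine mail, look-alike mail, altered mail, real site, copied site.
func Scenario() [5]bool {
	bankPub, bankPriv := newKey()
	_, fakePriv := newKey() // signer of the look-alike mail
	sitePub, _ := newKey()  // the bank's web endpoint key
	copyPub, _ := newKey()  // key served by the cut-and-paste site
	card := Card{bankMaster: bankPub}
	mail := []byte("Your statement is ready.") // constructed sample text
	sig, cert := ed25519.Sign(bankPriv, mail), ed25519.Sign(bankPriv, sitePub)
	return [5]bool{
		card.MailAuthentic(mail, sig),
		card.MailAuthentic(mail, ed25519.Sign(fakePriv, mail)),
		card.MailAuthentic([]byte("Your statement is ready!"), sig),
		card.SiteKeyGenuine(sitePub, cert),
		card.SiteKeyGenuine(copyPub, cert), // genuine cert replayed for another key
	}
}
func main() { fmt.Println(Scenario()) }
```

The verdict never depends on how the message or page looks, only on whether the key already on the card signed it.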

We shouldn't need to deploy anti-phishing software in an endless game of catch, engaged with scammers who continue to exploit the fundamental insecurity of the medium. Imagine the possibilities if banks could simply restore customer trust in e-mail!

 

Tags: Cards
