Community

Join the Community

23,967
Expert opinions
40,637
Total members
363
New members (last 30 days)
198
New opinions (last 30 days)
29,264
Total comments
Join Sign in

Zeus continues to reign on high

  0 Be the first to comment
Retired member
Unfollow

News last week that Zeus, a virus that steals online banking details from infected computer users, is more powerful than ever should come as no surprise.

The malware steals log-in information by recording keystrokes when the infected user is on a list of target websites. The user's data is then sent to a remote server to be used and sold on by cyber-criminals. Banks’ web sites are top of the target list.

Banks can protect their customers’ online banking from criminals by introducing two-factor authentication – either via the mobile or via a CAP reader. The passwords captured using the keystroke logger become useless without the second factor. Ultimately, two-factor authentication could be used for log-in and to sign transactions, but this is probably unwieldy for most online use – and security is always a balance of cost, security and usability. Savvy banks however have come up with a compromise: ask customers for usernames and passwords to log-in, but require two-factor authentication when customers wish to access or change sensitive information or authorise payments and transfers of funds.

Unfortunately not all banks have taken this approach, and until they do, their customers will remain vulnerable. Only by properly securing the internet banking process using two-factor authentication can banks start waging an equal war against the cyber criminal.

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

4523
 

Share

 
 
 
 
 

Channels

/security
 

Online Banking

This community is for discussion of developments in the e-banking world, including mobile banking. This can include all the functional, business, technical, marketing, web site design, security and other related topics of Internet Banking segment, including public websites of the banks and financial institutions across the globe.

Join group

207 opinions 60 members

Comments: (3)

A Finextra member 

Should the use of mobile phones be advocated for authentication in banking systems?

Zane Lackey, iSec Partners, and Luis Miras, an independent security consultant, suggest telephones are becoming popular for phishing style attacks. Surely it would therefore be prudent to avoid their use for authentication purposes?

Zane Lackey and Luis Miras (2009) Attacking SMS. In proceedings of Black Hat Briefings USA, Caesars Palace, Las Vegas, USA.

Jeff Anderson (2010) Mobile Spoofing. BBC Watchdog, http://www.bbc.co.uk/blogs/watchdog/2010/04/mobile_spoofing.html

A Finextra member 

Thanks for the information Ben. I had not seen this specific information on mobile phone phishing attacks. It was quite worrying to see the lady on the BBC Watchdog clip giving away her account details and personal information so easily. Phishing through whatever means probably cannot be eliminated, but better awareness of its dangers can potentially reduce its impact.

There are various two-factor approaches using mobile phones. Some of them do not require any network connection once the two-factor application has been downloaded to the phone and validated. I can't see how phishing could attack this approach very easily.

A Finextra member 

Thanks for the reply. I believe http://www.cronto.com/ offer services similar to those that you describe.

More expert opinions

Mohit Agarwal

Mohit Agarwal Director, Strategy and Innovation at SustainoMetric

ESG And AI: the reality behind the myth

Carlo R.W. De Meijer

Carlo R.W. De Meijer The Meyer Financial Services Advisory (MIFS) at MIFSA

Europe’s digital payments push: Consortium of EU banks launch euro-based stablecoin

Leon Fischer-Brocks

Leon Fischer-Brocks Co-Founder | CEO at Bloxley

Why Your Best AI is the AI Your Customers Never Notice

1

Alex Malyshev

Alex Malyshev CEO, Co-founder at SDK.finance, FinTech software provider

High-Volume Transactions: Essential Benchmark or Industry Hype?

See all opinions

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

23,967
Expert opinions
40,637
Total members
363
New members (last 30 days)
198
New opinions (last 30 days)
29,264
Total comments
Join Sign in

Trending

Erica Andersen

Erica Andersen Marketing at smartR AI

The AI Tsunami: Is Assistive Intelligence the Way to Navigate the Waves of Innovation in Finance?

Anurag Mohapatra

Anurag Mohapatra Director of Fraud Strategy and Marketing at NICE Actimize

The High Stakes of Check Kiting: How Old School Fraud Exploits FIs

Anil Kollipara

Anil Kollipara Vice President, Product Management at Spirent

Automating to Assure Resilient Financial Services Networks

Nkahiseng Ralepeli

Nkahiseng Ralepeli VP of Product: Digital Assets at Absa Bank, CIB.

Stablecoins at $44.7T: Signals You Cannot Ignore

Now Hiring

All companies

Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.

Please read our Privacy Policy.

Accept