An article relating to this blog post on Finextra:
Ukraine arrests key players in $70m Zeus fraud
Ukrainian authorities have arrested five people accused of being "key subjects" in an international criminal ring that used the Zeus Trojan to steal $70 million from online bank accounts.
Zeus is bad and future versions of malware could be much worse; when will we move beyond the exclusive strategy of trying to detect or block nefarious software? So many security specialists continue to bar the participation of one of the most effective foot-soldiers: the customer. When criminals infect computers to impersonate account-holders, the bank, merchant or processor must Deputize the Customer(TM). From alerts to UDLAPs (user-defined limits and prohibitions, a Javelin acronym), our research shows that account-holders and identity-holders are willing and able to join the battle against a common enemy. Banks and merchants necessarily put much focus on protecting the servers and the network, yet when working to stop fraudulent transactions the customer is often treated as though they are unnecessary or even dangerous, and the financial institutions deploy a near-exclusive "back-end" fraud-mitigation strategy.
We've been researching customer-involved security and fraud mitigation since our company's inception some seven years ago, and with each year I become ever more convinced that teaming up with the customer is the most effective way to stop the bad people.
Identity crimes generally involve three types of parties (criminals, service providers and customers), yet our mystery-shop research of banks shows that only two are as involved as they could be.
Involving the customer is not only an effective deterrent against crime; our research shows that it also pays additional dividends by boosting adoption, cross-sell and loyalty.