Blog article
See all stories ยป

An article relating to this blog post on Finextra:

Security experts warn of Trojan.Silentbanker

Experts at security firm Symantec are warning of a new trojan program that circumvents two-factor authentication systems and intercepts account information before it is encrypted.

See article

Chip and PIN readers provide protection against such attacks

This Symantec warning shows how banks are still open to man-in-the-middle attacks, as fraudsters constantly look for new ways to break in. However, there are solutions available to protect online banking users against these types of attacks. CAP (Chip Authentication Programme) devices can be used to secure not only the individual but also the transaction through two-factor authentication. The problem is that not all banks are using such mechanisms particularly for high risk transactions such as payments to new beneficiaries. These Trojans can be defeated as long as banks have in place sound prevention (such as CAP devices) and detection strategies (such as risk management solutions which can help bank quickly identify fraudulent activity).  This is not the first reported incident of this nature and will certainly not be the last. Consequently, banks need to ensure they remain one step ahead of the fraudsters by putting in place comprehensive anti-fraud strategies.  Bob Bennett

Comments: (1)

A Finextra member
A Finextra member 25 February, 2008, 19:02Be the first to give this comment the thumbs up 0 likes


Yes they are safer for the moment - maybe. I am loathe to advise a client to equip millions of customers at fantastic expense, in fact more than they lose. I remember cloning an early one and lost interest in them after that. I assume they are more secure now, but can they tell the difference between a trained monkey and the authorised user? I doubt consumers have really stopped writing the PIN or password down, especially where there's an ever larger number of them to remember. If what the Japanese researchers did with the chimps is any indication the Russian mafia will be recruiting them to operate stolen Vasco cards before too long, it's only a matter of time. The analysts have voted - seen Vasco's share price? Maybe they know something we don't. The only way is to put the consumer in the transaction, and give them a method they like. If someone could work out a way to have the password hidden in plain sight...

I have successfully guessed so many users passwords it's actually become a bore.

I finally went and did something about it, but I'll pay for an ad when I want a plug. 


Blog group founder

Member since




More from member

This post is from a series of posts in the group:

Online Banking

This community is for discussion of developments in the e-banking world, including mobile banking. This can include all the functional, business, technical, marketing, web site design, security and other related topics of Internet Banking segment, including public websites of the banks and financial institutions across the globe.

See all