17 October 2017

44975

Retired Member

3,170Posts 11,339,041Views 3,404Comments
Online Banking

Online Banking

This community is for discussion of developments in the e-banking world, including mobile banking. This can include all the functional, business, technical, marketing, web site design, security and other related topics of Internet Banking segment, including public websites of the banks and financial institutions across the globe.
A post relating to this item from Finextra:

Security experts warn of Trojan.Silentbanker

15 January 2008  |  11011 views  |  0
the_eye.JPG
Experts at security firm Symantec are warning of a new trojan program that circumvents two-factor authentication systems and intercepts account information before it is encrypted.

Chip and PIN readers provide protection against such attacks

25 January 2008  |  3448 views  |  0
This Symantec warning shows how banks are still open to man-in-the-middle attacks, as fraudsters constantly look for new ways to break in. However, there are solutions available to protect online banking users against these types of attacks. CAP (Chip Authentication Programme) devices can be used to secure not only the individual but also the transaction through two-factor authentication. The problem is that not all banks are using such mechanisms particularly for high risk transactions such as payments to new beneficiaries. These Trojans can be defeated as long as banks have in place sound prevention (such as CAP devices) and detection strategies (such as risk management solutions which can help bank quickly identify fraudulent activity).  This is not the first reported incident of this nature and will certainly not be the last. Consequently, banks need to ensure they remain one step ahead of the fraudsters by putting in place comprehensive anti-fraud strategies.  Bob Bennett
TagsCardsPayments

Comments: (1)

A Finextra member
A Finextra member | 25 February, 2008, 19:02

 

Yes they are safer for the moment - maybe. I am loathe to advise a client to equip millions of customers at fantastic expense, in fact more than they lose. I remember cloning an early one and lost interest in them after that. I assume they are more secure now, but can they tell the difference between a trained monkey and the authorised user? I doubt consumers have really stopped writing the PIN or password down, especially where there's an ever larger number of them to remember. If what the Japanese researchers did with the chimps is any indication the Russian mafia will be recruiting them to operate stolen Vasco cards before too long, it's only a matter of time. The analysts have voted - seen Vasco's share price? Maybe they know something we don't. The only way is to put the consumer in the transaction, and give them a method they like. If someone could work out a way to have the password hidden in plain sight...

I have successfully guessed so many users passwords it's actually become a bore.

I finally went and did something about it, but I'll pay for an ad when I want a plug. 

 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Retired's profile

job title
location
member since 2014
Summary profile See full profile »

Retired's expertise

Member since 2009
3119 posts3,404 comments
What Retired reads

Who's commenting on Retired's posts

Ketharaman Swaminathan
Dharmesh Mistry
Nicola Cowburn
Michael Wright
Charmaine Oak
Francis Chlarie
Raymond Lee
Deepthi Rajan
Melvin Haskins
João Bohner
Bob Lyddon
Urs Meier