17 July 2018


Retired Member

3,614Posts 14,166,392Views 4,515Comments
Online Banking

Online Banking

This community is for discussion of developments in the e-banking world, including mobile banking. This can include all the functional, business, technical, marketing, web site design, security and other related topics of Internet Banking segment, including public websites of the banks and financial institutions across the globe.
A post relating to this item from Finextra:

Security experts warn of Trojan.Silentbanker

15 January 2008  |  11170 views  |  0
Experts at security firm Symantec are warning of a new trojan program that circumvents two-factor authentication systems and intercepts account information before it is encrypted.

Chip and PIN readers provide protection against such attacks

25 January 2008  |  3589 views  |  0
This Symantec warning shows how banks are still open to man-in-the-middle attacks, as fraudsters constantly look for new ways to break in. However, there are solutions available to protect online banking users against these types of attacks. CAP (Chip Authentication Programme) devices can be used to secure not only the individual but also the transaction through two-factor authentication. The problem is that not all banks are using such mechanisms particularly for high risk transactions such as payments to new beneficiaries. These Trojans can be defeated as long as banks have in place sound prevention (such as CAP devices) and detection strategies (such as risk management solutions which can help bank quickly identify fraudulent activity).  This is not the first reported incident of this nature and will certainly not be the last. Consequently, banks need to ensure they remain one step ahead of the fraudsters by putting in place comprehensive anti-fraud strategies.  Bob Bennett

Comments: (1)

A Finextra member
A Finextra member 25 February, 2008, 19:02


Yes they are safer for the moment - maybe. I am loathe to advise a client to equip millions of customers at fantastic expense, in fact more than they lose. I remember cloning an early one and lost interest in them after that. I assume they are more secure now, but can they tell the difference between a trained monkey and the authorised user? I doubt consumers have really stopped writing the PIN or password down, especially where there's an ever larger number of them to remember. If what the Japanese researchers did with the chimps is any indication the Russian mafia will be recruiting them to operate stolen Vasco cards before too long, it's only a matter of time. The analysts have voted - seen Vasco's share price? Maybe they know something we don't. The only way is to put the consumer in the transaction, and give them a method they like. If someone could work out a way to have the password hidden in plain sight...

I have successfully guessed so many users passwords it's actually become a bore.

I finally went and did something about it, but I'll pay for an ad when I want a plug. 


Be the first to give this comment the thumbs up 0 thumb ups!
Comment on this story (membership required)

Retired's profile

job title
member since 2014
Summary profile See full profile »

Retired's expertise

Member since 2009
3595 posts4,515 comments
What Retired reads

Who's commenting on Retired's posts

Pooja Golakonda
Behzod Sabirov
Ketharaman Swaminathan
Melvin Haskins
James Treacher
Kenneth Marritt
Mark Santall
Alexander De Lange
Graham Seel
Kishore Meda
Willem Lambrechts