Join the Community

23,844

Expert opinions

40,607

Total members

397

New members (last 30 days)

198

New opinions (last 30 days)

29,241

Total comments

Join Sign in

Chip and PIN readers provide protection against such attacks

25 January 2008 Be the first to comment

Retired member

This Symantec warning shows how banks are still open to man-in-the-middle attacks, as fraudsters constantly look for new ways to break in. However, there are solutions available to protect online banking users against these types of attacks. CAP (Chip Authentication Programme) devices can be used to secure not only the individual but also the transaction through two-factor authentication. The problem is that not all banks are using such mechanisms particularly for high risk transactions such as payments to new beneficiaries. These Trojans can be defeated as long as banks have in place sound prevention (such as CAP devices) and detection strategies (such as risk management solutions which can help bank quickly identify fraudulent activity). This is not the first reported incident of this nature and will certainly not be the last. Consequently, banks need to ensure they remain one step ahead of the fraudsters by putting in place comprehensive anti-fraud strategies. Bob Bennett

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

4376

Report

Channels

/payments

Online Banking

This community is for discussion of developments in the e-banking world, including mobile banking. This can include all the functional, business, technical, marketing, web site design, security and other related topics of Internet Banking segment, including public websites of the banks and financial institutions across the globe.

Join group

207 opinions 60 members 25 August 2025

Comments: (1)

A Finextra member

25 February 2008

Yes they are safer for the moment - maybe. I am loathe to advise a client to equip millions of customers at fantastic expense, in fact more than they lose. I remember cloning an early one and lost interest in them after that. I assume they are more secure now, but can they tell the difference between a trained monkey and the authorised user? I doubt consumers have really stopped writing the PIN or password down, especially where there's an ever larger number of them to remember. If what the Japanese researchers did with the chimps is any indication the Russian mafia will be recruiting them to operate stolen Vasco cards before too long, it's only a matter of time. The analysts have voted - seen Vasco's share price? Maybe they know something we don't. The only way is to put the consumer in the transaction, and give them a method they like. If someone could work out a way to have the password hidden in plain sight...

I have successfully guessed so many users passwords it's actually become a bore.

I finally went and did something about it, but I'll pay for an ad when I want a plug.

Report