Retired Member

Trends in Financial Services
A post relating to this item from Finextra:

ABN Amro compensates victims of 'man-in-the-middle' attack

02 April 2007

Four ABN Amro customers activated a virus allowing a man-in-the-middle attack that overcame the bank's two-factor authentication. After the attack, ABN Amro removed an 'urgent payment' option from its...

ABN Amro problem was predictable

03 April 2007

I blogged here last August that it was predicted man-in-the-middle attacks would defeat tokens, and sure enough, here we go.

"The bank says that its customers opened an email attachment that resulted in a virus being executed on their machines. This virus changed their browsers' behaviour so when they went to open the real ABN Amro online banking site, they were instead re-directed to a spoof site.

The customers then typed in their passwords, which the attacker in turn used to access the bank's real Web site. The customer's own transactions were passed along to the real site, so they didn't notice anything wrong right away, while the attacker simultaneously made their own fraudulent transactions using the bank's urgent payment feature."

One thing that 100% of security experts will tell us is that there is no universal solution. Security requires a layered approach: a portfolio of multiple, complementary controls. Tokens have been held out as "the" solution, and this is simply not true. A token proves who started the session; on its own it says nothing about which payment the bank is being asked to make, which is exactly the gap a proxy sitting between the browser and the bank exploits.

Tags: Security

Comments: (1)

A Finextra member | 19 April, 2008, 10:39

I suppose it's a bit late to mention out-of-band authentication using mobile phones. I see two problems solved by the same solution.

Stop the man in the middle and make absolutely sure your customer knows they are opening a genuine email from you.

Use the mobile. Simple really.

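As an added illustration (not code from the post, the comment, or ABN Amro), the following Python model contrasts the two designs discussed above: a one-time token code that only proves the session, which a relaying proxy can forward unchanged while substituting its own payment, and an out-of-band code the customer's phone derives from the payment details it shows them, which the bank recomputes over the payment it actually received. The key, IBANs and session id are constructed placeholders.

```python
import hashlib
import hmac

# Constructed demo secret; in practice a per-customer key provisioned to the phone app.
CUSTOMER_KEY = b"constructed-demo-key-do-not-reuse"

# Payment the customer actually wants to make: (payee IBAN placeholder, amount in cents).
INTENDED = ("NL00DEMO0000000001", 4200)


def relay(payment, tamper: bool):
    """Models the proxy from the post: it forwards the customer's credentials and code
    to the real bank unchanged, but when tampering it submits its own payment instead."""
    return ("NL00DEMO0000000099", 999900) if tamper else payment


def six_digits(mac: bytes) -> str:
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"


def session_code(key: bytes, session_id: str) -> str:
    """Classic token code: depends on the session only, says nothing about the payment."""
    return six_digits(hmac.new(key, session_id.encode(), hashlib.sha256).digest())


def transaction_code(key: bytes, session_id: str, payee: str, amount: int) -> str:
    """Out-of-band code: the phone computes it over the payee and amount it displays."""
    msg = f"{session_id}|{payee}|{amount}".encode()
    return six_digits(hmac.new(key, msg, hashlib.sha256).digest())


def bank_accepts_session_code(tamper: bool) -> bool:
    session = "sess-42"
    typed = session_code(CUSTOMER_KEY, session)   # customer types the token code into the browser
    _payee, _amount = relay(INTENDED, tamper)     # bank receives whatever payment the relay sent
    # Nothing ties the code to the payment, so a swapped payment still verifies.
    return hmac.compare_digest(session_code(CUSTOMER_KEY, session), typed)


def bank_accepts_transaction_code(tamper: bool) -> bool:
    session = "sess-42"
    # The phone shows the intended payee and amount; the customer confirms and the phone
    # derives the code from exactly those details, on a channel the proxy does not sit on.
    typed = transaction_code(CUSTOMER_KEY, session, *INTENDED)
    payee, amount = relay(INTENDED, tamper)
    # The bank recomputes over the payment it actually received; a swapped payment fails.
    return hmac.compare_digest(transaction_code(CUSTOMER_KEY, session, payee, amount), typed)
```

The second scheme does not depend on the customer noticing anything in the browser: the mismatch is caught by the bank because the code and the payment no longer agree.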
