18 October 2017
Innovation and vision
Vishwanath Thanalapatti


Vishwanath Thanalapatti - Risk Management Professional

A post relating to this item from Finextra:

Hackers nab 500,000 Oz credit card numbers

17 August 2012  |  8479 views  |  2
Aussie police say that hackers targeting merchant computer systems may have stolen half a million credit card numbers and racked up A$25 million in fraudulent transactions.

NFC to POS -- Check and mate: The end game for key loggers

20 August 2012  |  5358 views  |  2

I am not at all surprised at this.  It is sub judice even to discuss what the investigation will reveal; yet I will risk my last cent if it is not an ‘inside job’ with the connivance of the POS folks. It was the butler after all.

The phrase ‘information security’ on Google search throws up 874,000,000 results (0.17 seconds) and the phrase ‘key logger’ 4,690,000 results (0.21 seconds). It is safe to conclude the world is aware of information security and key logging. Yet, as this reveals, we have the global population merrily using keyboards to key in passwords without much of a thought.

I have done internet banking transactions in Canada and India. I see it is much safer in India as compared with Canada. One simple example: on the log-in page the user has an option to select the virtual keyboard to input the user ID and password, a sure protection against ‘key loggers’. I have this noted in my book under the section ‘Trifles that matter’. My Canadian bank still believes the keyboard is the 'way in' for internet banking.

Extending this logic, each POS terminal, ATM or internet banking page can offer a virtual keyboard as an option. Alternatively, each transaction that requires a password to be keyed in can use 2-factor authentication: the password itself, in conjunction with a ‘One Time Password’ sent by way of an SMS, which together approve the transaction. This can be a 3 digit randomly generated alpha-numeric key. A more secure option is to shuffle the virtual keyboard from the standard ‘QWERTY’ layout for each access event. These are all classic examples in the existing paradigm.
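An added sketch (not from the original post) of the server side of the two proposals above used together: a keypad reshuffled for each access event plus a 3-character one-time password. The class and function names, the 120-second validity window, the three-attempt cap and the plaintext PIN comparison are assumptions made for illustration.

```python
import hmac
import secrets
import string
import time

OTP_ALPHABET = string.ascii_uppercase + string.digits
OTP_LENGTH = 3         # the post's 3-character alphanumeric key
OTP_TTL_SECONDS = 120  # assumed validity window
MAX_ATTEMPTS = 3       # assumed cap: only 36**3 = 46,656 possible codes


class LoginChallenge:
    """Server-side state for one access event (hypothetical class)."""

    def __init__(self, now=None):
        self.layout = list(string.digits)
        secrets.SystemRandom().shuffle(self.layout)  # new key order each time
        self.otp = "".join(secrets.choice(OTP_ALPHABET) for _ in range(OTP_LENGTH))
        self.expires = (time.time() if now is None else now) + OTP_TTL_SECONDS
        self.attempts = 0
        self.used = False

    def decode_clicks(self, positions):
        """Map clicked button positions back to digits; None if malformed."""
        if not all(isinstance(p, int) and 0 <= p < 10 for p in positions):
            return None
        return "".join(self.layout[p] for p in positions)

    def verify(self, positions, otp, expected_pin, now=None):
        """Accept only a correct PIN plus OTP, once, before expiry."""
        now = time.time() if now is None else now
        if self.used or now > self.expires or self.attempts >= MAX_ATTEMPTS:
            return False
        self.attempts += 1
        pin = self.decode_clicks(positions)
        if pin is None:
            return False
        # Constant-time comparisons; a real system would compare a PIN hash.
        pin_ok = hmac.compare_digest(pin.encode(), expected_pin.encode())
        otp_ok = hmac.compare_digest(otp.upper().encode(), self.otp.encode())
        self.used = pin_ok and otp_ok  # layout and OTP are single use
        return self.used


def clicks_for(challenge, pin):
    """Client side: send button positions, never the digits themselves."""
    return [challenge.layout.index(d) for d in pin]
```

Because only button positions cross the wire and the layout changes per access event, a recorded click sequence does not identify the PIN without that event's layout; the short OTP is why the attempt cap and expiry are enforced server-side.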

A shift in paradigm is a necessity. We do have the technology available and it is ubiquitous. You guessed it right the first time. Yes! It is NFC. Google Wallet 2.0 (if I may so call it) is perfect to stymie the growing global community of ‘key loggers’. I am talking about the front-end virtual card with the ‘real’ cards linked in the background. This will ensure privacy and security. The ‘secure element’ that Google talks about is, I am sure, a good safeguard guaranteeing privacy. A quick adoption of this technology will create welcome unemployment in the ‘keyloggers’ industry.



Comments: (3)

A Finextra member | 22 August, 2012, 08:24

Today's smartphones are at least as vulnerable as PCs are; when facing "unemployment", keyloggers will quickly adapt to the new target platform. Virtual keyboards aren't the panacea either; there are some trojans that can read those too ...

Vishwanath Thanalapatti - Risk Management Professional - Toronto, Canada | 22 August, 2012, 15:15

I agree with you there. Nothing is secure in the long run. In this cat and mouse game staying ahead matters. As we speak we have NFC and virtual keyboards that are dynamic and context based that are relatively safer. Surely not forever though. Relevant technology at that point in time will probably have a solution.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 24 August, 2012, 18:58

I've seen some banks in the UK who used to support virtual keyboards on their Internet Banking login screens have now removed them. Could it be because virtual keyboards are more vulnerable to "looking over the shoulder" threat vector?

If the threat of keylogging is really so serious, the Indian regulation imposing 2FA for each and every - not just high-value - CNP transaction is somewhat counterproductive. At least, it appears so based on the precedent of the PATCO v. OCEAN BANK ACH fraud lawsuit in the USA, where the court of appeals found in favor of the plaintiff. One of the major factors that went against the bank was its decision to lower the threshold of its Q&A challenge from US$ 1000 to US$ 1. The bank thought it was improving security by doing this. But the court ruled that, with rampant keylogging, keyloggers got many more opportunities to harvest the right answers with a lower threshold! Yet another example of "unintended consequences", I guess...
