Profile

Ted's blog archive

2010 (1) 2009 (2)
Ted Egan

Ted Egan

Vice President Sales & Ops Asia Pacific at ThreatMetrix Inc.
Message Message me Posts: 3 Comments: 7
Bio Today he is Vice President of Sales for ThreatMetrix in the Asia Pacific where he is responsible for enabling Merchants, Payment processors, Financial institutions and Government agencies to REDUCE operational costs while IMPROVING the customer experience during the validation, verification and Aut Career History 25 plus years in Defence, IT communications and security industry

Blogs

 

Chinese online gangsters target Aussie celebrity builder

14 Feb 2010

Australians continue riding a growing wave of Chinese investment in resources, while helping to stave off much of the GFC or recession other countries had to deal with. Now it seems with all this success they are now becoming more of a target from international online crime gangs targeting Aussie wealth. Last week Aussie TV personality and larriki...

 

Dont blame banks for not pushing visible security

01 Sep 2009

Visible security is needed not just for banks, but for any eCommerce site e.g merchants, retailers,trading platform or social networking. Consumers groups should be applying the same visible security rule across all online business websites! Yes, the online banking services of some leading financial institutions may have weaker visible securit

 

The nastiest ebanking trojan just got nastier

14 Jul 2009

For too long now the perpetrators of malware have been getting away with targeting our banking sector and each time we think we are getting somewhere they seem to be one step ahead while gradually raising the bar in this arms race. On Friday, my team at TrustDefender Labs released a report on one of the nastiest pieces of malware which has just bec...

Ted is Commenting on

Online banking security: an opportunity to stand out

  Steve, there are a growing number of financial institutions deploying solutions to protect the customer transaction such as Trusteer and TrustDefender in various parts of the globe. Each with a little difference on protecting the customer transaction. These solutions are designed to secure the customers computer before the customer begins typing in their ID, Password or OTP and importantly focus on always allowing the customer to log in securely regardless of the potential threat. The real challenge is for security solutions to be added, not just authentication deployed at the customer desktop but to be able to alert a financial institution in real-time the security health of the customer computer before the customer begins typing their ID and passwords while ensuring the transaction is secure for the period. Further, if the financial institutions must be able to apply policies and rules based on the potential security threat, thus protecting the customer’s confidential details. In return the customer is informed their computer is safe or can simply click to fix but can always login securely. However the real challenge is that we need to see visible security combining authentication, while integrating the customer with their financial institution to ensure we have strong countermeasures against the growing sophistication of today and future malware. The financial institution marketing departments should also not be afraid to make their customers aware there is a potential threat if one is detected as consumers are only human and as most customers are not security experts they should be informed. This is if we are going to fix this problem. We all have a built in mechanism to protect ourselves from threats meaning the consumer will fix the problem if alerted. If not immediately, then on the second or third login.  The outcome is the customer can see their financial institution is actively helping them protect themselves and thus the customer will gain a greater trust in their financial institution, online transactions and will be improving their online security practices.  It is about a mindset change to online banking and trading practices.

Phishing attacks surge in 2008

  The real issue is that there are some brilliant technologies out there to counteract phishing but the drivers for adoption of such technology solutions by the financial institutions, online merchants and other website owners is not happening due to the fear of change. However on the flip side the developers of the phishing websites can on the fly implement and rollout their latest technology at whim, when and where ever they want. If the phishing application does not work then they try something different.....no issues. Now, if we are going to combat the increasing growth of phishing, the finance industry, online merchants and even government need to act creatively without delay with a combination of solutions and just not rely on a part fix. The trouble is today the technologies being deployed to stop phishing are still not working, they are based on older methodolologies. The frailty most people or organisations fall into, is looking for the solution in a browser based technology i.e. a plug-in or by developing or implementing anti-phishing tool bar. The problem is then that this approach is also failing time after time. The criminals have stepped beyond the phishing filter barrier with techniques that just walk around these filters. One interesting growth area for phishing is to compromise the computer and injecting code into what appears to be a secure website. Traditional approaches to this type of phishing just do not work and will not stop this attack! There is already the technology to detect phishing websites and even verify all parts of a website when a consumer visits. The technology even blocks the fake website or the key parts of the authentic website which have a fake overlay i.e. x-site scripting and alerts the consumer if they are visiting a non authentic financial institutions, merchant or even a government website. The technology will even stop code injection. This is done in real-time without delay. This capabilitiy is already developed and does not rely on traditional anti-phishing approaches. We need to look beyond phishing filters, and the browser plug-in ASAP if there is to be any change in the growth of phishing this year or in the future.