Westpac has introduced a mouse-activated keypad for users logging on to its Internet banking service. The move comes just months after Australian police busted an online crime syndicate suspected of stealing funds from Web banking customers through the use of keylogging malware.
Westpac says the onscreen keypad scrambles customers' IDs and passwords and renders keylogging Trojans ineffective.
The bank says it is the first to introduce the technology in Australia, although similar programmes have been implemented by other banks worldwide, including Citibank, Standard Bank of South Africa and ING in Holland.
Westpac's move comes just months after police in Perth smashed a crime ring that had allegedly used keylogging software to steal "significant" sums of money from victims' bank accounts. Multiple banks had been targeted but names of specific financial institutions were not disclosed.
The security and effectiveness of graphical keypads have been questioned recently following revelations that fraudsters are increasingly using sophisticated "screenscraper" software to neutralise these programmes. Rather than tracking keystrokes, the screenscraper takes a snapshot of the user's screen each time the mouse is clicked and sends it to the phishers' server for inspection.
Dan Hubbard, senior director of security for Websense and an analyst with the Anti-Phishing Working Group, says crimeware continues to evolve and advanced techniques are now being used to steal information: "These Trojan horses are moving beyond keylogging to now capture screenshots to obtain end-user credentials."