Wednesday, October 7, 2009

Online Banking Fraud in the UK Hits a New High









There is a disturbing trend going on. The hackers steal our usernames and passwords, and banks respond by telling us to "type" more information into a box on their online banking website. I don't get it. There's a website in the U.K. designed to help people fight online banking fraud: www.BankSafeOnline.org



Here's what they have to say. 



The three essential steps to protect your computer are:

  • Use anti-virus software and keep it up-to-date on a regular basis.

  • Install and learn how to use a personal firewall.

  • Download the latest security updates (or patches) for your web browser and operating system.

Oh really? As I mentioned yesterday, a report by Trusteer says that Zeus, an online banking Trojan which steals your online banking credentials, bypasses up-to-date anti-virus software 77% of the time. So if you want to feel 23% protected, by all means listen to their advice. Firewalls are like locked windows. Hackers just break the glass to get in. The latest security updates are nothing more than an admission that browsers are not safe. Why would you need weekly "security" updates if the browser was secure in the first place?



There's only one way to authenticate an online banking customer.  Think ATM.  Think dispersal of cash in real time.  Why is that system trusted by banks?  Because the security behind the authentication works.  Why not 100% replicate that process for online banking log-in?  Exactly...why not?



Here's more on the 55% growth in online banking fraud during the first 6 months of the year.  Prediction.  When the report comes out on the growth of online banking for the second 6 months, it will be bigger than the first 6 months. Mark my words...or at least these three words:  Zeus, Clampi, urlZone.





Jeremy Kirk, IDG News Service

Wednesday, October 07, 2009 7:40 AM PDT



Online banking fraud in the U.K. has risen to the highest level in at least three years, according to industry figures released Wednesday.



Online banking fraud increased 55 percent to £39 million (US$62.4 million) in the first six months of the year compared to the same period a year ago, said Financial Fraud Action U.K. (FFA), formerly known as APACS. FFA collects data reported by U.K. financial institutions.



FFA attributed the rise to sophisticated malicious software programs that infect vulnerable consumer computers. FFA also counted 26,000 phishing sites, which are fraudulent Web sites designed to trick people into divulging their log-ins and passwords.



The rise in banking fraud comes as U.K. banks have taken more rigorous measures to combat online fraud. While U.S. banks often only require a log-in and password to get access to online banking, U.K. banks often have several more steps.



Editor's Note:  More steps are futile.  I've got a business associate that says banks understand the security risks, but I disagree and what follows is proof that they just don't get it!  Here's an exercise in futility by NatWest:



For example, NatWest -- owned by the Royal Bank of Scotland Group -- requires customers to "type" (enter) their birth date plus "type" (enter) a unique four-digit code. During the second step, a person is prompted to ("type") enter some digits of a separate four-digit PIN (Personal Identification Number), which is not the same as the person's ATM card. Then, the Web site asks the user to ("type") enter "another password", but only specific parts of it, such as the second, fourth and seventh letter. NatWest asks for a different combination every time. If you fail to log in successfully, the account can't be accessed online.





Nonetheless, most bank security measures are defeatable if a person falls victim to a phishing scam and sends a fraudster their authentication credentials. Editor's Note: When consumers type, the information they type is fair game to the hackers. It doesn't matter if you instruct the consumer to type the 4th letter of every 5th word in War and Peace or every 7th letter of every 14th word in Genesis. Typing is the problem.
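To put a number on the point about "type only some letters" prompts such as the NatWest one described above, this added example (not from the article, the blog or NatWest) estimates how many logins typed on an infected PC or phishing page it takes before the fragments already typed cover a fresh prompt. The secret length of 8, the 3 positions per login and the uniformly random choice of positions are assumptions made for the calculation.

```python
# Added example: exposure of a "type selected characters" login challenge.
# Assumptions (not from the article): secret length n=8, k=3 positions asked
# per login, positions drawn uniformly at random each time.
from math import comb
import random


def p_answerable(n: int, k: int, m: int) -> float:
    """Exact probability that a fresh k-of-n challenge asks only for
    positions already typed in m earlier, observed logins
    (inclusion-exclusion over the challenge's k positions)."""
    total = comb(n, k)
    return sum((-1) ** j * comb(k, j) * (comb(n - j, k) / total) ** m
               for j in range(k + 1))


def sessions_needed(n: int, k: int, threshold: float) -> int:
    """Smallest number of observed logins after which a fresh challenge is
    answerable with probability >= threshold (threshold must be below 1)."""
    m = 0
    while p_answerable(n, k, m) < threshold:
        m += 1
    return m


def simulate(n: int, k: int, m: int, trials: int = 20000, seed: int = 1) -> float:
    """Monte Carlo cross-check of p_answerable with a fixed seed."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        seen = set()
        for _ in range(m):
            seen.update(rng.sample(range(n), k))  # positions typed in one login
        hits += set(rng.sample(range(n), k)) <= seen  # fresh prompt fully covered?
    return hits / trials


if __name__ == "__main__":
    n, k = 8, 3  # constructed parameters, see assumptions above
    for m in range(0, 9):
        print(f"{m} observed logins -> {p_answerable(n, k, m):.3f}")
    print("logins until 50% exposure:", sessions_needed(n, k, 0.5))
    print("logins until 95% exposure:", sessions_needed(n, k, 0.95))
```

Under these assumptions a fully typed static password is exposed after one observed login, while the partial prompt pushes the even-odds point to only a handful of logins: the extra typing buys delay, not protection.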
