Sunday, July 19, 2009

Online Banking Data Being Fed to the Phishes

BANKS and bank customers face an array of threats to their security as international criminal groups roll out a new generation of viruses, malware, fake websites and sophisticated phishing emails.

Internet banking experts say without co-ordinated global action by governments, financial institutions will have to "give up on the internet" because they are losing their war against hackers and criminal fraudsters.
Editor's Note:  That's what I've been saying for the last 15 months on this blog.  It was (not safe) safer to type your card numbers into a box at a merchant checkout center a year ago than it is today and it's (not safe) safer to do it today than it will be tomorrow. 

It's satisfying to see "Internet Banking Experts" start to publicly admit there is an inherent weakness in the system. 

HomeATM's device (pictured above) is a secure solution to the phishing, DNS attack and cloned web site threats which permeate the online banking world.  Our solution exactly replicates how one would access their cash at an ATM: 1. you swipe your card, and 2. you enter your PIN.  It's called 2FA (two-factor authentication) and it would virtually eliminate phishing overnight.  The Track 2 data is "instantaneously" encrypted upon the swipe of the card and the PIN is also 3DES encrypted and protected by DUKPT (Derived Unique Key Per Transaction).  Our unique end-to-end encryption methodology provides the most secure authentication and payment application available today. Period. 

Early next week, HomeATM expects to become the only eCommerce Payment company in either hemisphere to be both PCI 2.x Certified and TG-3 certified.  Swipe don't Type.  It's how retailers and consumers have been doing it at brick and mortar locations since the early 80's and it's how it should be done online.  Until now, there wasn't an affordable way to get consumers their very own SwipePIN device.  But HomeATM has gotten the price down to the point that banks could literally give them away...thus empowering their online banking customers to not only log-in securely but pay bills in real-time, send or receive money in real-time and conduct safe, secure online transactions.  I've stated that it is as simple as 1-2-3.  Two are already done.  The bank issues the card, the bank issue the the bank can issue the HomeATM Internet POS terminal.   The story continues... 

Almost one-quarter of the entire Australian population has been affected by identity theft crimes, according to a recent survey by Veda Advantage and that number keeps growing each year.   "Last year some 450,000 Australians were the victims of fraud," NSW Attorney-General John Hatzistergos said last weekend as he announced new laws that effectively duplicate Queensland's cyber crime laws.

"Nearly a billion dollars was taken from people and confiscated by criminals, using a variety of different techniques, trading in people's personal information, such as passwords, pin numbers, names and addresses."

The state-based approach to the problem will not work, says Professor Bill Caelli from Queensland University of Technology's Information Security Institute. Prof Caelli says only co-ordinated global action by governments can secure the net.
Speaking to the Sunday Mail from a major IT conference in Paris where the issue of securing the net is high on the agenda, Prof Caelli claimed "banks were simply not capable of providing secure internet banking."
"There is a big discussion happening globally about web services such as internet banking. The question is, 'Can you create large-scale secure transaction systems on the web?' and the answer is coming back as no."

Already this year, two of Australia's biggest banks have reported significant attacks on their internet banking portals. Both attacks came after significant investments by the banks to upgrade their online banking platforms.

"The criminals tend to target one bank and when that institution shuts them down they move to another bank so it goes in circles," said Gary Gill, head of forensics at KPMG.

Australia's biggest bank, the Commonwealth Bank, reported that a malicious attack had probably contributed to its banking website, Netbank, crashing on the busiest days of the year – the two days before the end of the financial year.

Steve Batten, the media spokesman for the Commonwealth Bank, said that Netbank was designed to handle 13,000 customers online concurrently.   Last Monday, 18,500 customers were logging in concurrently and 1.59 million hits were registered in the 24-hour period.  Mr Batten said that the bank suspected that some of that traffic was malicious.

In February ANZ Bank reported a sophisticated scam that led to a fake web page appearing to customers after they logged in to the ANZ internet banking site.
