Bottom line. Based on the fact that online banking customers are instructed to "key in" (type) their online banking credentials, the online banking industry is a ticking time bomb.
The only explosive growth the online banking community will see (unless they provide a genuinely secure authentication procedures) is that of the online banking Trojans...which are designed to completely drain accounts and completely destroy any trust associated with online banking.
October 23, 2009 — 8:53am ET | By Jim Kim
Apparently, the issue was a virus that allows for keystroke capture.
Let's "key" in on that for moment, shall we? The "Key Word" here being "keystroke capture." Let me oversimplify this. What procedure does online banking mandate for online banking customers to log-in to their account. Is it by "keying" (typing) in their username and password? It is, isn't it?The story continues...
Consumers type their username, their password (and more often now, in a lame attempt to add an additional layer of security, some banks require their customers to "key" in other information, such as a mother's maiden name, the make of their first car, etc.
But the fact remains...if the online banking customer has a virus that allows for keystroke capture, then it doesn't matter if banks require their customers to "key in" (type) the answers to 100 questions, does it? It will ALL BE CAPTURED. Wouldn't it? Make sense? It does, doesn't it?
Back to the story...
"At the time of the incident, the customer was using a bank-issued ACH house token, which was designed to protect against unauthorized access, specifically from keystroke logging fraud attacks. Obviously, it didn't."
Which is why we created our SLIM device...it eliminates typing, thus keystroke logging (and phishing) enabling online banking customers to Swipe their Bank Issued Card and Enter their Bank Issued PIN to authenticate themselves. We utilize "existing bank rails" to authenticate the user. (If that process sounds familiar, it is because it's the same process used to access cash from an ATM.) 100% seamless transition.
The stolen funds were transferred to accounts set up by the hacker, using names of LLCs and individuals, at 11 domestic financial institutions. So far, more than $100,000 has been recovered.
Editor's Note: Guess what. The SLIM would also "prevent" any stolen funds from being transferred "anywhere" ...until the online banking consumer demonstrated "intent" to "authorized" the transfer by "Swipinig their Card" and "Entering their PIN" a second time! Talk about doubly protecting the consumer.
To review: If somehow (for instance, a pre-existing infection from Zeus, Clampi or the urlZone banking Trojans) the bad guys were able to get into an online banking customers account, they "WOULD NOT" (let me state that again) "WOULD NOT" be able to transfer funds "ANYWHERE" (let me state that again) "ANYWHERE"...UNLESS THE BAD GUYS HAD THE CONSUMERS BANK ISSUED CARD AND THEIR BANK ISSUED PIN.
Therefore, we eliminate keystroke logging, we eliminate phishing, and we eliminate the threat of unauthorized money transfers to money mules. Sounds elegant and sounds like a great online banking promotion. Get a free SLIM. We'll even put your bank's logo on it. Where can your bank get them? Email me: firstname.lastname@example.org
The story continues:
In addition, the Washington Post reports that Bullitt County, Kentucky lost $415,000 to criminals using malicious code on the county treasurer's computer. The program diverted the funds via transfer to more than two dozen so-called "money mules." Editor's Note: Did I mention that our log-in procedure is "Bullitt Proof! (safer than ATM access because there is no threat of skimmers, hidden camera's or "card trapping")
Read more: http://www.fiercefinanceit.com/story/more-bank-fraud-targets-government-accounts/2009-10-23#ixzz0UmFN8bVx