Tuesday, June 2, 2009

Costin: Online Banking Needs More Defense Against Phishing

Kaspersky - e-banking Needs More Defense against Phishing Attacks - SPAMfighter

Chief Security Expert of Kaspersky Lab EEMEA, Costin Raju, claims that out of the thousands of Trojans discovered by Kaspersky Lab daily, 1/3rd attack e-banking.

Costin further adds that banks should provide more protection to their customers against these Trojans.  (Editor's Note:  I would further add the it's "Costin" the banks $350 per phishing attack)

At the ITWeb Security Summit held in Midrand (South Africa) on May 26, 2009, Raju states that malware has tremendously augmented for the last few years, causing a severe trouble as security firms could not raise the number of analysts.

Despite the fact that banks worldwide are coping with the economic slowdown, Raju says that this is not the time for them (banks) to reduce their security resources regardless of gloomy economic forecasts and cash flow issues. He says that though security expenses have minimized, online financial dealings are not reducing.

Banks have lessened their physical security expenses in today's economic slowdown time and it alarms Raju that online security will also follow the same trend. IT security estimates between 5% and 12% of the whole IT spend. As the IT expenditure comes down, security also suffers along with everything else.


The closure of many international financial institutions has also aggravated the trouble and carried it with a latest ambush of phishing attacks. Raju states that customers, who are unsure about whether their
funds invested in one of these institutions will be paid back or not, are prone to become victims of these phishing attacks. These customers are more likely to reply to phishing mails claiming they will not get
their money back if they do not furnish their online information within 1 day.

Some other security experts also acknowledge that this is one of the methods hackers use to make money. They employ malware to trace passwords typed through a keyboard, phish for private account details and finally redirect online banking customers to fake sites made to gather login and password information.


Further, Trojans also employ screenshots, taking each mouse click on the virtual secure keyboard. (oops, does that mean that a "floating PIN Pad" which uses "mouse clicks" is not* safe?) * denotes sarcasm
Hence, Raju recommends that banks should be frank with their customers and not only accept them (attacks) but also provide suggestions and guidelines to curtail these dangers.

Editor's Note:  Let me "B. Frank" with the online banking community.  If your customers "don't type" the fraudsters "can't swipe."  The only one's doing the "swiping" will be your customers, and that's okay!  Because when "they" swipe, the data is never in the clear.

End Result?  HomeATM eliminates phishing, eliminates the threat of "fake sites" (or official looking sites) and your customers are in the clear...not their card data.  Got IT?



Reblog this post [with Zemanta]

Disqus for ePayment News