Wednesday, June 10, 2009

No See in the Phish


Trojan Variant Infecting Singapore Banks


According to news reports from ZDNet Asia a newly found Trojan program is attacking online banking customers of local banks in Singapore.

The Trojan that infects a computer redirects the end-user onto a phony bank site, while the malware steals the user's actual login details.
Editor's Note:  Well there's a new one.
Actually, on the phony site, the user is asked to fill up a third space apart from the normal spaces for username and 'personal identification number.'

At this point, the browser seems as if it is stuck; so the user is suggested that he re-submit his log-in details a number of times, till the Trojan intercepts them all.

Okay, once again, as I've stated numerous times on this blog...the old-fashioned "username | password" login is long obsolete.  When it comes to phishing, let me give you a tip.  You type, They swipe.  It really is that simple. 

So why is it that banks make it simple for the hackers?  It's easy as 1-2-3 to completely eliminate the threat of phishing.  Banks have already completed the 1-2 part.  It's the three that would completely eliminate phishing, the threat of cloned bank websites, eliminate the usefulness of DNS hijacking, stop trojans in their tracks, etc, etc, etc.  How do you do it...you ask?



With HomeATM's 2FA (Two Factor Authentication) 3DES, Protected by DUKPT, PCI 2.0 Certified  PIN Entry Device, the users login data is encrypted, i.e. "never in the clear"

Since users never typed "ANYTHING" into a website, then there isn't "ANYTHING" for phishers to see. If there's nothing for them to see, then there is, in effect, no phish in the sea.  Do you know of anyone who goes phishing where there are no fish?   

Easy as 1-2-3

1. Banks Issue Card
2. Banks Issue PIN
3. Banks Issue HomeATM SwipePIN Device

End Result: Phishers are Toast!





, , , , , , ,

Disqus for ePayment News