Banks using Twitter need to proceed with caution, experts say
By Marcia Savage, Features Editor, Information Security magazine | SearchFinancialSecurity.com
Editor's Note: This story is yet another reason why banks should discard the blatantly obsolete username/password login process and replace it with a secure two-factor authentication, end-to-end encrypted login. They are two-thirds of the way there. They issue a card, they issue a PIN, now they need to issue their online banking customers a card processing terminal which enables their users to swipe their bank-issued card, enter their bank-issued PIN and voilà, all these potential threats are eliminated. Since HomeATM designed, patented and manufactures the world's first and only PCI 2.0 certified PIN Entry Device, made specifically for online eCommerce use, the terminal of choice is a no-brainer. So if banks want to eliminate phishing entirely (no data means no phish), cloned websites, DNS hijacks, the threat spoken about below, etc., then who are they gonna call? There's no place like HomeATM! Here's an excerpt from the article on the latest threat faced by online banking:
"Banks are jumping onto the Twitter bandwagon but experts say financial institutions need to consider the fraud risk and other security issues associated with the micro-blogging site and other social networking services.
Bank of America, Wells Fargo and ING DIRECT are among the many financial institutions using Twitter for marketing, customer service, community outreach, and other activities. According to a recent study by William Mills Agency, an Atlanta-based public relations firm serving financial services, financial institutions of all sizes, including community banks and credit unions, are using Twitter to communicate with consumers.
Types of information shared on Twitter by financial institutions include promotions, replies to followers, personal finance tips, links to industry news, community event news, and personal comments on mundane topics like the weather, the study showed. William Mills looked at 1,176 "tweets" posted by 63 financial institutions in March.
However, banks moving into social networking should proceed with caution, said Jacob Jegher, senior analyst in the banking group at Celent, a Boston-based financial research and consulting firm. Jegher wrote earlier this spring about social networking risks for banks.
The biggest threat, he said, is fraudsters pretending they are a particular bank on Twitter or Facebook in order to steal online banking credentials. For example, a fraudster posing as a bank on Twitter could respond to a customer's question about an account problem by asking for account passwords, Social Security numbers, and other sensitive information. Unsuspecting customers, thinking they're on a legitimate bank Twitter page, could be duped.
"I see that as a huge risk – the social engineering of information out of people," Jegher said. "All it takes is a couple pieces of information and the fraudster can start piecing things together."
Continue Reading at SearchFinancialSecurity.com (registration required)