Tuesday, July 7, 2009

IBA Website Hacked/Cloned This Morning


As we have pointed out a few times on this blog, these types of problems plaguing banks could be severely reduced, if not completely eliminated in three simple steps...two of which have already been done.

Authenticating an online banking customer with "username | password" (or "any form of log-in" which a consumers must type/enter) is the fundamental basis of the problem.

Banks issued a card, Banks issued a PIN, the last issue they must contend with is for them to issue the card/PIN reader. True two-factor authentication. What you have (card) and what you know. (PIN)

Prior to HomeATM breaking the price barrier, a low-cost secure card reader/with integrated PIN Pad did not exist. Therefore, the only other choices banks had for authenticating their customers (besides username |passwords) were to upgrade their log-in capabilities with OTP's (one-time passwords) and Dongles. OTP"s can and have been intercepted, and Dongles can ONLY be used as authenticators. Not anymore. With HomeATM's "low cost" terminals, banks are in a position whereby they could give these things away faster than toasters and prevent themselves and their customers from getting burnt by fraudsters.

The added benefits of HomeATM's device is that it is NOT LIMITED to authentication. Our device also provides Zone 1-4 End-to-End-Encryption (for Track 2 data) and full Zone 1-5 E2EE for the PIN during an "online" financial transaction. (Thereby protecting the cardholder data as well as any $500+ point of sale terminal and $150 PIN Pad) Our device also utilizes existing bank rails, which enables the cardholder to instantly transfer money from any bankcard to any other bankcard. That feature also inherently provides a unique way to pay bills/utilities online.

Apparently, in spite of events like the one reported below becoming more commonplace, (see Commonwealth Bank stories over the past week) some banks think they are immune. Unless they utilize an inoculator, (such as our SafeTPIN) I can assure them they're not.

The Hindu Business Line : IBA website hacked
IBA website hacked

MUMBAI: Indian Banks Associations (IBA) website was hacked this morning, leading to panic among bank customers across the country. The IBA warned the public not to share bank account details to the website as demanded by the hackers.

The IBA website has been compromised and there is a bogus message doing rounds asking people to give their ATM Card details online at the bogus link.


The webpage is a copy of IBA's web home page, a top IBA official said. Translation: A "Cloned" Bank Website.
(Never heard of such a thing? Enter "Cloned Website" in the HomeATM Search Bar on the top left sidebar...or check out "Related Articles below)

IBA is the national body of Indian banks and has members from public, private and foreign segments. IBA has deployed a special team to examine the matter and will resolve the issue at the earliest, the official said. - PTI








Reblog this post [with Zemanta]

Disqus for ePayment News