Monday, October 5, 2009

The Best Way to Swipe Online Banking Credentials

From Lita Epstein at Daily Finance:

"Based on a survey by the American Bankers Association,  25 percent of the population prefers to do its banking online and that number is growing. In fact, the survey found that the Internet is the preferred banking mode for all customers under the age of 55 and the popularity of ATMs has fallen in all age groups.

Through 2012, the number of online banking users is projected to grow at a compound annual rate of 20 percent, according to a report from the Tower Group. The Tower Group defines online banking as anything done once a person logs onto a bank's website.


All brick and mortar banks are experiencing growth in their online services.




  • Bank of America has 30 million online banking customers.

  • Chase has 13.9 million online bank customers.

Clearly, the trend is toward online banking.





Editor's Note: Unfortunately, there is another trend: hackers and newly introduced online banking trojans. Online Banking Trojans (OBTs) are created and designed to steal online banking credentials.



Clampi, Zeus, and the newly discovered (10/01) URLZone are designed to go undetected by anti-virus programs and wait for the user to reach a financial services site, 4500 of which are recognized by these malware programs.



Upon reaching the site, the malware steals the user's online banking log-in details, including one-time passwords (OTPs), in real time. URLZone even rewrites the online bank statements to show that the money is still there. (See more about URLZone in the "related articles" section below.)



Prominently featured during last week's "Online Banking is Weak Week" was a discussion of OBTs, which stated that: "in order to remove the online banking consumer from the scope of such threats, the log-in procedure must be done outside the browser space."



The best way to remove the online banking customer from the scope of these threats is to arm them with weapons of Hack destruction, i.e. the HomeATM SLIM. (It also eliminates the threats posed by Phishing, Pharming, DNS Hijacking, Cloned Bank Websites, Keyloggers and Malware...)





Simply put, HomeATM's SLIM "enables online banking customers to authenticate themselves in the exact same manner trusted by both banks and consumers to dispense cash in real time at an ATM."  









By mandating that online banking customers swipe their existing bank-issued card and enter their existing bank-issued PIN, the bank enjoys the security benefits of "True" Two-Factor Authentication, as both the card information and the PIN would be instantaneously encrypted inside the SLIM and therefore the log-in credentials would NEVER enter or travel through browser space unencrypted. (Think INSIDE the Box)



But the HomeATM Slim is not done yet.  It's only beginning.



Not only does it instantaneously 3DES DUKPT E2E Encrypt the data (including the Track 2 data) to create an impenetrable online banking solution, it allows consumers to conduct bank-card to bank-card money transfers in "real-time"  (P2P, A2A, P2B and B2B) using ANY bankcard.  (Citi to Wells, BofA to Chase,  etc.)



Still not done:  HomeATM's SLIM "also" enables a "secure" conduit with which to conduct eCommerce credit, debit and PIN Debit transactions in a "card present" environment.  Both Visa and MasterCard define "card present" as any transaction which "captures the data on the magnetic stripe" (swiping vs. typing)



Simply Put: Although "card not present" transactions probably constitute less than 10% of all transactions, they definitely are responsible for over 50% of all card fraud...and growing.  Therefore, the Card Not Present environment is responsible for the MAJORITY of card fraud.  By creating an environment whereby customers could "Swipe" vs. "Type" we eliminate the "card NOT present" environment...thus eliminating CNP fraud. 

Maybe we should rename the "SLIM" the "Eliminator!"  Nah, as there are only "two" chances to secure our card holder data when it comes to online financial transactions: SLIM and None!  I do have a pet name for SLIM though...I call it "The Inevitable!"









From SC Magazine:  E-Commerce Security





Opinion: Take no chances with card security









Oct 2, 2009 4:14 PM



Time has run out for businesses that handle credit card information.



"Card companies should be re-investigating secure alternatives, such as PC-based (chip and) PIN terminals...











