Thursday, December 10, 2009

Keystroke Logging Video

Here's an example of why we should Swipe vs. Type:







Next up...Video showing how an Online Banking Trojan works...should have it for you within 30 minutes or so...



But be warned...you'll probably never bank online again!!



At least not until banks start issuing you your own personal HomeATM Online Banking Authentication device which allows you to authenticate yourself the same way you do at an ATM.



Instead of foolishly typing in your username and password, (and falling victim to a keystroke loggin attack as outlined in the video above, you can Swipe your Card and Enter your PIN.



The card data is instantaneously 3DES DUKPT encrypted outperforming even stringent PCI Guidelines because we 3DES DUKPT the Track 2 data as well...



That means NOTHING travels via the browser and you never touch your keyboard.  Can you imagine if ATM's required you to type in a username and password?  There's a reason they require you to Swipe your Bank Issued card and Enter your Bank Issued PIN.



What's the reason for not requiring the same thing to authenticate an online banking session?  Here's some suggestions...Do you think it might be any of these?



  • Because Keystroke Logging doesn't exist?

  • Because typing your username and  password into a box is safe? 

  • Because nobody falls victim to phishing attacks? 

  • Because there's no such thing as a cloned bank website?

  • Because SSL or EV-SSL doesn't have a critical flaw?

  • Because millions of people won't bank online for fear of falling victim to card fraud?

  • Because 49% of online banking customers would switch banks if they (or someone they knew) fell victim to card fraud?

  • Because the problem is getting better not worse?

  • Because online banking trojans don't exist?

  • Because Next Generation online banking Trojans beat even the most sophisticated software authentication programs?

  • Because banks don't want to gain a competitive advantage over their peers?

  • Because our device costs less than most of the useless promotions banks currently run?



    Guess you'll have to ask your bank...because it certainly cannot be any of the aforementioned reasons.  See what they tell you.  Then come on back and share what they said with me! 












Reblog this post [with Zemanta]

Disqus for ePayment News