Featured Post: What Are We Waiting For?

Online Banking is not secure, Verified by Visa is not Secure, SSL is not Secure, eCommerce is Not Secure...we need separate machines for online banking and browsing...so what are we waiting for?  Seriously.  Because if we are waiting for  Visa to start pushing "secure transactions" over "less secure" transactions, then

"I will see you in another lifetime brother..."

• Are we waiting until 73% of consumers use their online banking passwords to log in to other sites?
  
  
  
  The report's key findings include:
  
  
  
  
  
  
  
  
  
  
  • 73% of users share the passwords which they use for online banking, with at least one nonfinancial website
  
  
  • 47% of users share both their user ID and password with at least one nonfinancial website
  
  
  • When a bank allows users to choose their own user ID, 65% of users share this ID with nonfinancial websites
  
  
  • When a bank chooses the user ID for its customers, 42% use the bank issued user ID with at least one other website.
  
  
  
  
  

  
  
  

  Read more: http://pindebit.blogspot.com/2010/02/trusteer-says-73-of-online-banking.html#ixzz0eOl9Lkd7
  
  
  


• 
  
  Are we waiting for nearly 50% of all computers to be infected with malware? 
  
  
  
  ZDNet is reporting that, according to a recent report, almost half of 22 million computers scanned in a sampling were infected with malware.
  
  
  
  
  
  
  
  
  
  
  Read more: http://pindebit.blogspot.com/2010/02/almost-50-of-computers-are-infected.html#ixzz0eOlNamQC
  
  
  


• Are we waiting for phishing attacks to successfuly lure/dupe six times more people in 2009 vs. 2007? 
  
  
  
  Consumers are becoming increasingly concerned about the safety of their data online, according to a study published last week.  In a study of more than 4,500 consumers conducted by InfoSurv and sponsored by RSA, researchers found that consumer awareness of phishing attacks has doubled between 2007 and 2009. The number of consumers who reported falling prey to this attack increased six times during that same time period.
  
  
  
  
  
  
  
  
  
  
  Read more: http://pindebit.blogspot.com/2010/01/new-phishing-attack-methods-duped-six.html#ixzz0eOemoK36
  
  
  


• Are we waiting for SSL to become flawed? 
  
  
  
  A critical new flaw in SSL, or the Secure Sockets Layer used to protect Web traffic for online banking, shopping, and any other https connection, allows an attacker to break into any theoretically secured connection and add malicious commands.
  
  
  
  
  
  
  
  
  Read more: http://pindebit.blogspot.com/2009/11/critical-flaw-in-ssl-found-software.html#ixzz0eP2PRFxk
  
  
  


• Are we waiting for Verified by Visa to be exposed as a textbook example of how NOT to authenticate users?
  
  
  
  PC World (and other's) are reporting that (according to Cambridge researchers) both Verified by Visa and MasterCard Secure Code don't provide adequate security. The Verified by Visa and MasterCard SecureCode credit card checks are fundamentally flawed, according to security researchers.  The 3-D Secure protocol, which underlies both, "might be a textbook example of how NOT to design an authentication protocol," say Steven Murdoch and Ross Anderson of the University of Cambridge Computer Lab. It ignores good design principles and has significant vulnerabilities, some of which are already being exploited.
  
  
  
  
  
  
  
  
  
  
  Read more: http://pindebit.blogspot.com/2010/01/verified-by-visa-textbook-example-of.html#ixzz0eOnxQf0V
  
  
  


• Are we waitiing for "Card Not Present" to reach the 87% of all fraud committed plateau?
  
  
  
  Today the NFO warned that online banking, card-not-present, and check fraud have lead to increased losses for organizations. It explained that in 2008 losses in all to three areas totaled £704.33 million, adding that in 2009 card-not-present fraud alone had risen by 14 per cent to £609.99 million. Editor's Note: Those numbers translate to the following: Card Not Present (typing card numbers into a box on a website) Fraud (£609.99 million) is responsible for 86.6% of the total £704.33 million lost.
  
  
  
  Read more: http://pindebit.blogspot.com/2010/01/uk-card-not-present-fraud-responsible.html#ixzz0eOeCb9u2
  
  
  
  


• Are we waiting until 80% of online banking customers demand more security than a username and password?
  
  
  
  "Consumers are very much aware of these threats," Seth Geftic, senior manager of Identity Protection and Verification at RSA told V3.co.uk.  "They are not satisfied with simple password. Consumers really WANT and need more security." In fact, Consumers agreed that their identities should be better protected than a simple username and password for online banking (80 percent) Websites.
  
  
  
  
  
  
  
  
  
  
  Read more: http://pindebit.blogspot.com/2010/01/80-want-better-online-banking-security.html#ixzz0eOfVkQ2u
  
  
  


• Are banks simply waiting until cash incentives become less motivating than branded merchandise?
  
  An increasing number of financial institutions are going back to offering marketing gifts as an incentive to attract and keep the nearly 25 percent of large bank customers who plan to switch to local banks or credit unions this year...
  
  
  
  


• Are we waiting until 50% of Large Banks Leave Their Customers Unprotected against Hackers?
  
  
  
  Javelin: Nearly One in Two Large Banks Unprotected Against Hijacking of Online Customer Interaction
  
  
  
  
  
  
  
  
  Javelin Evaluates Security Offered By Web-Facing Applications Of The Top 24 U.S. Financial Institutions
  
  
  
  Read more: http://pindebit.blogspot.com/2009/12/javelin-nearly-one-in-two-large-banks.html#ixzz0eOpIyDGM
  
  

• Are we waiting for the Web to Become More Dangerous than it's Ever Been?
  
  
  
  PWG Chairman David Jevans said, “The Internet has never been more dangerous. In the first half of 2009, phishing escalated to some of the highest levels we've ever seen.
  
  
  
  Read more: http://pindebit.blogspot.com/2009/10/report-web-has-never-been-more.html#ixzz0eP1ROrrv

I could go on and on but I think I've made my point.  And what is that point exactly?   I can assure you that it's not one borne of frustration.  That was so last year.  This year it's almost laughable. How can supposed "leaders" in the financial institution be so damn stubborn that they continue on the same exact path achieving the same exact results. 



What do you call an entity that does the same thing over and over again expecting to get different result?  Insane?  What's insane is that it is so OBVIOUS that we need a hardware device to conduct secure financial transactions outside the browser space that my dog gets it.  



So, exactly what is it we waiting for?  It is TIME!

• It is time...for "eCommerce transactions to be conducted on the only eCommerce enabled PCI Certified Device and replicate the "Card Present" environment conducted in a brick and mortar transaction.
  
  


• It's time to secure online banking with the very same PCI Certified PIN Entry Device, by replicating the same process trusted by banks and their customers to withdraw cash from an unattended ATM.  Insert the card and enter the PIN. 
  
  


• It is time to introduce a more secure way to protect consumers against the bad guys...it's time for the world's only PCI Certified PIN Entry Device designed exclusively for eCommerce.  It is time for HomeATM.

Related articles by Zemanta

• Full Text Of Cambridge Report On Verified by Visa and MasterCard SecureCode (pindebit.blogspot.com)


• Verified by Visa Not "Fraught with Security Problems" say Cambridge Researchers (pindebit.blogspot.com)


• Featured Post: Card Reader Use Online Jumps 31% (pindebit.blogspot.com)


• Verified by Visa Phishing Scam (pindebit.blogspot.com)


• More on Soaring Online Bank Fraud (pindebit.blogspot.com)


• Verified by Visa bitchslapped by Cambridge researchers (go.theregister.com)


• Online Credit/Debit Card Security Failure (schneier.com)