Tuesday, March 9, 2010

FDIC: Hackers Took More Than $120M in Three Months



This is the "type" of news we will continue reading until we stop entering/typing passwords and start authenticating ourselves the same way we authenticate ourselves at an ATM or at the Point of Sale in a retail store. Swipe your Bank Issued Card and Enter Your Bank Issued PIN. Why should the internet be any different? The web inherently makes people think everything should be software-based. NOT financial transactions. They MUST be conducted "outside the browser space." It's just the way it is. Extremely sensitive financial information (either online banking credentials or credit/debit card numbers) has no business being entered/typed. It makes it readily available to hackers. Why do you think they call it a "browser?" Various keylogging/malware and phishing attacks have now risen to the tune of $120 million in the 3rd quarter of 2009. I have a sneaking suspicion that the Q4 numbers will be higher. If the online banking credentials or cardholder data were encrypted inside a separate machine there wouldn't be anything to obtain. It would all be gobbledygook protected by Derived Unique Key Per Transaction end-to-end encryption. It's why we have the only PCI certified PED designed for eCommerce financial transactional use. Don't you believe it's time for a change?

Robert McMillan, IDG News Service



Online banking fraud involving the electronic transfer of funds has been on the rise since 2007 and rose to over US$120 million in the third quarter of 2009, according to estimates presented Friday at the RSA Conference in San Francisco, by David Nelson, an examination specialist with the FDIC.



The FDIC receives a variety of confidential reports from financial institutions, which allow it to generate the estimates, Nelson said.



Almost all of the incidents reported to the FDIC "related to malware on online banking customers' PCs," he said. Typically a victim is tricked into visiting a malicious Web site or downloading a Trojan horse program that gives hackers access to their banking passwords. Money is then transferred out of the account using the Automated Clearing House (ACH) system that banks use to process payments between institutions.



Even though banks now force customers to use several forms of authentication, hackers are still stealing money. "Online banking customers are getting too reliant on authentication and on practicing layers of controls," Nelson said.

