Online Banking Security Breached

February 13, 2012
[ by Melanie Gretchen ]

Few, if any, computer servers appear to be impenetrable against hacker attacks. Hackers manage to gain access either by infiltrating the large computer servers after breaking the computer code, or by accessing the servers through unsuspecting customers and/or users.

Recently, hackers found their way past the latest generation of online banking security devices employed by banks. Here, account holders log into the bank's real site, whereupon they are tricked with the offer of training in a new "upgraded security system." The hackers then move money out of the account, unbeknownst to the users. Bank officials advise customers to use up-to-date anti-virus software and be vigilant.

The Latest Security

Devices (like PINSentry from Barclays and SecureKey from HSBC) ask users to insert a card or a code to create a unique key at login that is valid for 30 seconds and cannot be used again. This introduced a new level of online banking security against password theft and provided security even if a user's computer, along with any password information, was hacked. To date, it is the best level of protection available against online banking fraud.

A "Man in the Browser" Attack

Called an MitB attack, this malware lives in the web browser and can get between the user and the website, changing what is seen and the details of what is being entered when the user visits particular websites. Past attacks have changed payment details and amounts, as well as on-screen balances, to hide the malware's activities.

However, the MitB attack is a very focused, very specific, advanced threat, specifically focused against banking, said Daniel Brett, of malware testing lab S21sec. He added that the risk of fraud is only present for a single transaction and, in the above example, the risk of fraud will occur only if the customer falls for the "training exercise."

Challenges to security

Every time a new update to the malware is released, security companies can take weeks to learn how to recognize it by its common features. One security company privately conceded that if this threat had come from a source not known to be bad, and had started communicating with a web address also not on the blacklist of "bad" sites, it probably would have beaten their protection until they had discovered and analyzed it.

Makers of many of the security products featured in tests argued that the test was not valid, as it only tested one part of their protection. They pointed out that they continually search for blacklisted websites, e-mails, and other sources of malware.

What you can count on from bank security

Most computer security products will block any deviations from the norm, by type of transaction or amount, but will also block many legitimate programs. In the U.K., online banking fraud accounted for $27 million (£17 million) in the first 6 months of 2011, according to Financial Fraud Action U.K.

[C-I Note: Our advice: Watch out for the next "latest" security - during business hours and during personal time.]

For more details, go to [BBC News, 2/10/12].