Keylogging spyware seems to be a growing threat. Since it can sit unnoticed on a PC, users are unaware they are providing their login and passwords until it is too late.
Internet Explorer is the weak link in this case and making sure it is patched and/or a pop-up blocker is in place should protect most users. In the long term, we may need to encourage users to switch off IE, though that could be a long, tough slog. There are great alternative browsers but they would need to be installed (and, in some cases, purchased) so it is pretty tough to get people to switch from their free, pre-installed IE.
Here are the specifics that are only hinted at in the article: http://isc.sans.org/presentations/banking_malware.pdf
Wednesday, June 30, 2004
Thursday, June 17, 2004
Online Banking Surges, Still Room to Grow
Nothing really new here but it's always good to see coverage in a national newspaper, in this case the Washington Post.
Wednesday, June 16, 2004
Gartner: Phishing on the rise in U.S.
ZDNet article based on same study in previous blog. This one better lays out the problem and, as I suggested, lays most of the responsibility on the user. It does, however, inspire me to consider some incremental changes. Even small changes can have a big impact.
Monday, June 14, 2004
Survey: 2 million bank accounts robbed
Survey that shows online banking is being targeted more for fraud. Scary stuff. It seems, though, that most of the safeguards fall again outside the realm of the financial institution. We can do a better job of locking down online accounts but there is resistance from consumers who don't want to remember another password (or even a longer one). We can do a better job of educating users about the dangers but people are still being taken in by Nigerian emailers even with the almost steady stream of newspaper stories and consumer warnings. There are some great ideas for securing accounts (many of them detailed in earlier blogs) but nothing yet that is easy to implement and/or easy for users to adopt. Will we find a middle ground? Someday. Will we ever eliminate fraud? No. We just need to keep plugging away.
Friday, June 11, 2004
Fame vs Fortune: Micropayments and Free Content
Strong argument against micropayments. A part of me is pulling for micropayments, though, because I think some of the proposed systems are elegant, PepperCoin for example.
Wednesday, June 09, 2004
Firms Flirt with Out-of-Band Authentication
BTN article with more password ideas and more new terminology, "Out-of-Band". Out-of-Band is basically authenticating one channel using another. Example: Person surfs to Online Banking login page, types in their account number, and they then get a system generated phone call that authenticates them. Crazy idea? Probably, but it's another option.
Website Analysis Isn't a Game
Wired article about website analytics package that represents web traffic as a city. Great idea.
Updated: I've downloaded and installed the software but need to get with our web design firm to place the tags on all of our pages. Anxious to start using it.
Updated: I've downloaded and installed the software but need to get with our web design firm to place the tags on all of our pages. Anxious to start using it.
Monday, June 07, 2004
Recognition Keys Access
Another interesting solution to the password problem. This one seems a bit pie in the sky but it could be used as a starting point.
Wednesday, June 02, 2004
Picture Passwords
Picture passwords are an option that I've never considered. This BBC article talks about Microsoft's work on it.
Ran across related article on Brighthand for a product from Softava called PicturePassword that can secure a PDA. To unlock the PDA you have to click on a secret spot on a picture. This is neat because you can use your own pictures.
Ran across related article on Brighthand for a product from Softava called PicturePassword that can secure a PDA. To unlock the PDA you have to click on a secret spot on a picture. This is neat because you can use your own pictures.
Prime Time Wireless - It's sexy, but is it safe?
Dopey article on CUES site regarding wireless networking. No explanation of why a credit union would create a wireless network besides the "sexiness" of it. If there is no reason to create one, there is no reason to be concerned about the safety of it.
Most of the problems of wireless security are out of the financial institution's control. We can't secure the networks, at home, at Borders, at Starbucks, that our members are using to access their accounts.
Most of the problems of wireless security are out of the financial institution's control. We can't secure the networks, at home, at Borders, at Starbucks, that our members are using to access their accounts.
Tuesday, June 01, 2004
Simple Passwords No Longer Suffice
Even though most online banking users don't want to hear it, we may be coming to the point where an account number and the last 4 digits of your SSN is not enough. This AP article offers a couple alternatives.
Mission Statement
This is my attempt at creating a place where online banking professionals can come together to discuss online banking and the trends contributing to its future.
Subscribe to:
Posts (Atom)
