Tuesday, March 29, 2005

Report Finds Banks Sloppy With Your Info

This is not the kind of news we need now. As we are trying to educate members/customers to be wary of the lurking threats, we are getting the reputation for playing fast and loose with sensitive data (thank you, Bank of America).

Monday, March 28, 2005

KISS: Keep – It – Secret – Stupid!

Gonzo Banker seems to have the market cornered on clear and pragmatic thinking. A simplification of their simplification: there is no solution to the security problems we are all facing, but we all have to keep plugging away to try to keep ahead of the hackers and to show our members/customers that we are serious about it.

They (the article's author is Tripp Johnson) also make the point that banks/credit unions and their technology partners give too much away in their press releases touting new security. Good point! Hackers may be the only ones reading press releases because they are the only ones who benefit from reading them.

Security no match for theater lovers

The experiment described here was devious and effective. The sad part is that it will take an economic catastrophe before people are sufficiently skeptical of this type of social engineering.

Wednesday, March 16, 2005

Putting Phishers In The Banking Frame

This is another scary example of phishing, a cross-site scripting vulnerability attack. This type of attack includes a link to a legitimate page but puts a frame of the bad guys' site on top of the page.

Still, users will only see the frame if they click on the link within the email. We need to keep reinforcing with our members/customers that we will not send them emails with requests for information.

Tuesday, March 15, 2005

Banks 'wasting millions' on two-factor authentication

This is not good news. Getting rid of passwords in favor of other authentication (tokens, scratch cards, etc.), the latest state-of-the-art security, only nudges the bad guys to use other tricks. I guess I never thought two-factor authentication would eliminate fraud, but I thought it would at least be a while before workarounds would be devised. It hasn't even become mainstream yet.

This note from Credit Union tech-talk is not good news either: "Some security experts believe that the day when two-factor authentication is mandatory for online banking access is drawing near."

If two-factor isn't the real solution but everyone is headed down that road, it is only a matter of time before we all have to change direction again. This will be bad from a time and resources perspective and from a credibility one. We need to figure this out before consumers lose confidence and adoption starts to fizzle.

Monday, March 14, 2005

A.T.M.'s Pick Up Web Site Tricks

One of my favorite jokes while waiting in line behind someone at an ATM (Read: It's really only funny to me.) is: "What is this guy trying to do? Refinance his mortgage?" If more ATMs like the ones talked about in this article become available, it will no longer be a joke.

Monday, March 07, 2005

E-mail 'phishers' attack MSU Federal Credit Union

They're getting closer. MSU Federal is less than an hour away from us.

Friday, March 04, 2005

New Industry Helping Banks Fight Back

Phishing is creating opportunities for companies with the technology to fight it. Corillian, the Internet banking provider, uses the novel approach of monitoring activity and warning banks when a number of different accounts are accessed from the same IP address. Unlike the other measures mentioned in the article, this seems the best because it can be done without adding technology (that info is already tracked) and because it is a single source; the others cull info from several sources. Maybe I'm being overly simplistic, but I think simple works the best.
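
The check described above (several different accounts accessed from one IP address) can be sketched as a sliding-window count over login records. This is an added example, not Corillian's code or anything from the linked article; the log format, the threshold of 3 accounts, the 10-minute window, the allowlist and all sample records are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (timestamp, source IP, account), not real data.
SAMPLE_LOG = """\
2005-03-04T09:00:05 203.0.113.7 acct-1001
2005-03-04T09:00:40 198.51.100.20 acct-2001
2005-03-04T09:01:10 203.0.113.7 acct-1002
2005-03-04T09:02:00 203.0.113.7 acct-1003
2005-03-04T09:02:30 198.51.100.20 acct-2001
2005-03-04T09:03:15 203.0.113.7 acct-1004
2005-03-04T09:10:00 192.0.2.50 acct-3001
2005-03-04T11:10:00 192.0.2.50 acct-3002
2005-03-04T13:10:00 192.0.2.50 acct-3003
2005-03-04T15:10:00 192.0.2.50 acct-3004
"""

def parse(line):
    """Split one 'timestamp ip account' record into typed fields."""
    ts, ip, account = line.split()
    return datetime.fromisoformat(ts), ip, account

def flag_shared_ips(log_text, max_accounts=3, window=timedelta(minutes=10),
                    allowlist=frozenset()):
    """Return {ip: [accounts]} for IPs seen on more than max_accounts
    distinct accounts inside any sliding window of the given length."""
    recent = defaultdict(deque)   # ip -> (timestamp, account) pairs still in window
    flagged = defaultdict(set)
    records = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    for ts, ip, account in records:
        if ip in allowlist:       # assumed list of known shared proxies/gateways
            continue
        q = recent[ip]
        q.append((ts, account))
        while ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        accounts = {a for _, a in q}
        if len(accounts) > max_accounts:
            flagged[ip] |= accounts
    return {ip: sorted(accts) for ip, accts in flagged.items()}

if __name__ == "__main__":
    for ip, accts in flag_shared_ips(SAMPLE_LOG).items():
        print(f"ALERT {ip}: {len(accts)} accounts in window: {', '.join(accts)}")
```

Many customers legitimately share one address behind a corporate or ISP gateway, so the threshold and allowlist need tuning against real traffic before alerts are acted on.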

Wednesday, March 02, 2005

A Glimpse Of The Internet Banking Future?

I doubt the example Jeremy Wagstaff cites in this post is really a bank backing away from Internet Banking but rather them making a transition from one platform to another. If the bank he's talking about is really trying to protect itself from phishing, I don't see how it does. I don't understand how a VPN is protected from social engineering attacks like phishing.