Consumers Need To 'BANK' On The Banks - Leading Web Security Expert Calls For Banks To Take The Initiative In Fighting The High Level Of Security Breaches In Internet Banking
The spiralling number of cases of "phishing" email scams, a practice which involves computer hackers luring consumers into handing over their internet banking passwords unwittingly, could be tackled by the banks according to a leading web security expert.
(PRWEB) December 4, 2004 -- Reacting to a report by the Anti-Phishing Working
Group, which highlighted that six-and-a-half-thousand new types of phishing
email had circulated around the internet in October - three times higher than in
the summer - John Rainford, Chief Executive Officer at internet security
specialists PassGo Technologies, said there is cost effective software already
developed which would safeguard against consumers' password details being passed
on to the hackers.
Says Rainford: "At the moment the emphasis is on the
consumer being careful and vigilant about emails they receive which appear to
come from their banks asking for their password information. However there is a
new form of email being sent by the cyber criminals, which when opened can
monitor where people go on the internet and which passwords they use. Therefore
it doesn't matter how careful the consumer is, hackers are finding a way round
this.
"The good news is there is already an answer, which the banks need
to consider if they wish to reassure customers about the security of their
internet banking services. Just as important, it will help the banks save
potentially millions of pounds on online banking fraud claims made by
customers."
Rainford says: "The problem is that consumers currently have
one password. By using an authentication software solution - which is already on
the market in the form of a keyring device called a "token" and used by
businesses to stop hackers gaining unauthorised access into their corporate
networks - the password of an online banking user can be constantly changed
every thirty seconds. The password is valid only once, and can never be used
again. By giving the customer the means of having their own automatically
changing password, it renders useless any password stolen by a password thief."
Some European banks are already using such authentication devices,
which are distributed to clients. However, this raises the issue of the cost of
implementing such a solution for thousands of customers.
However,
according to Rainford users can be equipped with authentication software online
by the bank, eradicating the need to distribute tokens to all of their
customers. Other techniques include an innovative scratch-card password system
for banks to issue to their customers. This involves each customer being
provided with a scratch-card consisting of 100 unique passwords, which would match
those stored on the bank's server. Customers then scratch off each password in a
certain order and the software will alert the bank regarding any passwords
that are used in the wrong order.
How It Works
The authentication
software comprises an individual "seed" - a file that is associated with the
software - which is contained within a small key ring device called a token.
These seeds would be stored on the bank's security server. When the user wanted
to gain entry to an online banking account, they would simply click on their
authentication software token and a password would be provided. This would match
with the records on the bank's server, containing the user's password details,
to ensure authorized access. The next time the user went onto their online
account, they would automatically be given another password from the
authentication device.
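The seed-and-server check described above, as an added example that is not PassGo's code or part of the original release. It assumes the standard RFC 6238 TOTP algorithm as a stand-in (the release names no algorithm); `BankVerifier`, the user name and the seed are hypothetical, and the server tracks the last accepted window so that a captured password is rejected on replay.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per password, the interval quoted in the release

def totp(seed, now, digits=6):
    """RFC 6238 code for the 30-second window containing `now` (assumed algorithm)."""
    counter = int(now // STEP)
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class BankVerifier:
    """Hypothetical bank-side store: one seed and one last-used window per user."""
    def __init__(self, drift=1):
        self.seeds = {}
        self.last_used = {}
        self.drift = drift  # windows of clock skew tolerated either side

    def enroll(self, user, seed):
        self.seeds[user] = seed
        self.last_used[user] = -1

    def verify(self, user, code, now):
        seed = self.seeds.get(user)
        if seed is None:
            return False
        current = int(now // STEP)
        for c in range(current - self.drift, current + self.drift + 1):
            if c <= self.last_used[user]:
                continue  # window already consumed: a replayed password fails here
            expected = totp(seed, c * STEP).encode()
            if hmac.compare_digest(expected, code.encode()):
                self.last_used[user] = c  # burn this window and every earlier one
                return True
        return False

if __name__ == "__main__":
    seed = b"constructed-demo-seed"  # constructed sample value
    bank = BankVerifier()
    bank.enroll("alice", seed)
    code = totp(seed, 1000)
    print("first use :", bank.verify("alice", code, 1000))  # accepted
    print("replay    :", bank.verify("alice", code, 1005))  # same window, rejected
    print("ten min on:", bank.verify("alice", code, 1600))  # stale, rejected
```

The password is still usable by anyone who relays it to the bank inside its window before the customer submits it, so the single-use check narrows a stolen password's lifetime rather than removing the need for the customer to be on the genuine site.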
Corporate Background
PassGo has been
developing software solutions to combat such potential breaches of Internet
security. In 2003 PassGo was in Software Magazine's Top 500 List of the world's
foremost software companies. www.passgo.com
Source : http://www.prweb.com/releases/2004/12/prweb184940.htm