Identity Theft - News





CNN: Web banking to get security upgrade.

Posted by Administrator (admin) on Jun 28 2007 at 10:22 AM
News >>

US banks are looking to meet new demands from federal regulators to move to “two-factor” authentication for web banking sites. Two factor identification checks more than just a user name and password to verify a customer’s identity, including checking what computer you are logging in from, connection speed and time of day compared to a profile that stores your usual preferences. Many banks are exploring issuing special hardware to their customers, similar to hardware issued from European banks – “where data-privacy laws are stronger”. A smart card – or electronic token – displays a changing series of passcodes that can greatly reduce the “phishing” threat. Similar to smart cards issued by corporate VPNs, a user would log into a web site, enter a username and password, and then enter the random passcode that is physically generated on the smart card. Phishing is the act of sending an email using a forged identity (or sending name) and surreptitiously seeking to divulge personal information such as a username, password, bank account or ATM PIN. Experts are suggesting that despite the smart-cards, phishing sites may seek even the random passcodes and then immediately pass them onto the banking site. Experts are estimating the risk of this as low, but that the possibility exists. The article states that “such frauds are rare – if they happen at all – but that’s because there are so many easier targets, for now”. Also central to the issue are concerns that smart cards and additional methods to validate a user’s online identity may become difficult for users, or more costly to implement. A recent attempted implementation by ETrade Financial Corp offered token cards to its 2.8 million US customers, however only 20,000 signed up. Other banks worry that the number of financial institutions an individual deals with will create “necklace” effect in which a user will have to maintain a number of smart cards. “However, even this kind of approach could be flawed unless many users are better educated about the constant arms race between Web sites and criminals. Social engineering, not technology, often is the real problem.”






Copyright 2007 - Design Runway LLC. All Rights Reserved. Powered by Design Runway & Website Baker - Site Map