Online Banking Weak Security Link: Customers
In this June CSO article, Taylor Armeding quotes George Tubin of Trusteer and points out that banking and financial enterprises have taken information security more seriously in recent years than most other industry sectors. But that does not mean banking is safe. The number of vulnerabilities for a bank is roughly equal to how many account holders it has.
“Banks are doing a good job of protecting their systems,” said George Tubin, senior security analyst with the security firm Trusteer. “The weak link is the customer, who has that direct tunnel into key apps, and is extremely vulnerable. Most of them don’t understand how easy it is for malware to get onto a PC.”
Today’s attacks tend to try to penetrate banking systems through the curiosity, trust, and lack of savvy of customers. “One of the easiest ways is phishing e-mail,” Tubin said. “It offers you something, you click on a link and get malware downloaded. Or a site that you go to may be compromised, and your PC gets infected” in a drive-by download.
Once the malware is in place, “it watches to see what you’re doing,” he said. “It can do a session takeover, where it’s in the background, submitting transactions to the institution and blocking you from seeing them. Or it will take your login credentials and wait for you to log out of your session. It shows you a page as if you’ve logged out, but it’s still logged in and conducting transactions.”
Read More.
Veratad offers 3 Essential Technology Solutions for FFIEC Compliance including “Out-of-wallet” Challenge Questions, “Out-of-band” 2Factor Authentication and an Online Compliance Portal.