Scams Target Latest Upgrades in E.Banking Security

Financial institutions across the country are scrambling to meet a Dec. 31 deadline set by banking industry regulators to have security processes in place for online banking that go beyond simply requiring customers to enter a user name and password. While some of the protections being adopted should help people feel more confident about online banking, there are signs that criminals already are adapting their techniques to defeat those measures.

Some institutions, such as Citibank, have chosen to require certain online customers to use a supplied token in addition to their user name and password. This approach generally relies on a small device that generates an additional password that changes every minute or so. Yet, a high-profile attack Security Fix detailed in July shows that this method is reliable only so long as phishers don't also ask the user to enter the token-generated password. Scams Target Latest Upgrades in E-Banking Security - Security Fix

Linked by shanmuga Sunday, 29th October 2006 9:44PM