Tuesday, January 26, 2010

Gartner Reports that User Authentication is not enough

Security measures such as the use of one-time passwords and phone-based user authentication -- considered among the most robust forms of IT defenses -- are no longer enough to protect online banking systems against fraud, a Gartner Inc. report warns.

Cybercriminals are using increasingly sophisticated tactics to outmaneuver security systems so they can steal customers' log-in credentials and pillage their bank accounts, according to Gartner analyst Avivah Litan, who wrote the report.

Trojan horse programs lurking inside a customer's Web browser can steal one-time passwords and immediately transfer funds, or intercept a transaction between a bank and a customer and make changes unbeknownst to the user or the bank, Litan said.

In cases where a bank uses a phone-based, "out of band" authentication system, criminals use call forwarding so that the fraudster, not the legitimate customer, gets the call from the financial institution, Litan said.

Banks need to quickly implement additional layers of security, she advised.

Because any authentication method that relies on a browser can be attacked and defeated, banks should start using server-based fraud detection to monitor transactions for suspicious patterns, Litan said. The goal is to monitor log-in, navigation and transaction activity to spot any abnormalities that suggest an automated program is accessing an application, she said.
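The server-side monitoring Litan describes can be sketched in code. The following is an added example written for this post, not code from Gartner or the report: it scores each banking session from a few constructed event logs and flags behaviour that suggests an automated program rather than a person at the browser (a transfer seconds after login, a transfer submitted without the transfer page ever being loaded, a large payment to a never-seen payee from a new device). The event format, thresholds and rule names are all assumptions for illustration.

```python
"""Added illustration (not from the Gartner report or this post): a minimal
server-side transaction monitor in the spirit of the recommendation above.
It profiles each session from constructed event logs and flags patterns that
suggest automation. All event data, thresholds and rule names are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample events: (session_id, seconds since login, event_type, detail)
SAMPLE_EVENTS = [
    # Session A: a normal-looking human session, pages visited in order
    ("A", 0,  "login",    {"device_seen_before": True}),
    ("A", 14, "nav",      {"page": "accounts"}),
    ("A", 41, "nav",      {"page": "transfer"}),
    ("A", 97, "transfer", {"amount": 120.0, "payee_known": True}),
    # Session B: large transfer to a new payee two seconds after login, new device
    ("B", 0,  "login",    {"device_seen_before": False}),
    ("B", 2,  "transfer", {"amount": 4900.0, "payee_known": False}),
    # Session C: transfer submitted although the transfer form was never loaded
    ("C", 0,  "login",    {"device_seen_before": True}),
    ("C", 3,  "nav",      {"page": "accounts"}),
    ("C", 5,  "transfer", {"amount": 300.0, "payee_known": True}),
]

MIN_SECONDS_LOGIN_TO_TRANSFER = 30  # assumption: a person rarely transfers this fast
LARGE_AMOUNT = 2500.0               # assumption: threshold for a "large" transfer


@dataclass
class SessionProfile:
    login_seen: bool = False
    new_device: bool = False
    pages: List[str] = field(default_factory=list)
    transfers: List[tuple] = field(default_factory=list)  # (t, amount, payee_known)


def build_profiles(events) -> Dict[str, SessionProfile]:
    """Fold the raw log-in, navigation and transaction events into one profile per session."""
    profiles: Dict[str, SessionProfile] = {}
    for sid, t, kind, detail in events:
        p = profiles.setdefault(sid, SessionProfile())
        if kind == "login":
            p.login_seen = True
            p.new_device = not detail.get("device_seen_before", True)
        elif kind == "nav":
            p.pages.append(detail["page"])
        elif kind == "transfer":
            p.transfers.append((t, detail["amount"], detail["payee_known"]))
    return profiles


def score_session(p: SessionProfile) -> List[str]:
    """Return the sorted list of rule names that fired for one session (empty = nothing odd)."""
    flags = set()
    for t, amount, payee_known in p.transfers:
        if t < MIN_SECONDS_LOGIN_TO_TRANSFER:
            flags.add("fast_transfer_after_login")
        if "transfer" not in p.pages:
            # A human must load the form; a script posting straight to the endpoint need not
            flags.add("transfer_without_form_navigation")
        if amount >= LARGE_AMOUNT and not payee_known:
            flags.add("large_transfer_to_new_payee")
        if p.new_device and not payee_known:
            flags.add("new_device_new_payee")
    return sorted(flags)


def review_sessions(events) -> Dict[str, List[str]]:
    """Map each session id to the rules it tripped; flagged sessions are held for review."""
    return {sid: score_session(p) for sid, p in build_profiles(events).items()}


if __name__ == "__main__":
    for sid, flags in review_sessions(SAMPLE_EVENTS).items():
        print(sid, "HOLD FOR REVIEW" if flags else "ok", flags)
```

The point of the example is that none of these checks depend on anything the browser reports: timing, page sequence and payee history are all observed on the server, so a Trojan that has already defeated the one-time password still has to look like a person to the bank's own logs.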

Read the full Gartner report here.
