|
Maintaining the security and integrity of
customer accounts has never been more challenging as the sophistication
of attackers increases. After years of attempts at breaching
the Banks' firewalls and physical security, attackers are
turning their attention to the soft targets of the banking
systems' users through phishing scams and spyware attacks.
In a typical phishing attack, the institution's website is copied by an attacker. Using email, the attacker encourages the customer to click on a link, drawing them to this rogue copy of the website. The rogue website looks, feels and acts exactly like the institution's site - with the same logos and graphics - but it only exists to capture the customer's personal information for criminal use.
Another problem is the Trojan Horse (or spyware) attack where an individual's computer has a small piece of software installed (through a virus or other means) that can monitor their keystrokes and internet activity. The information a user enters can be then communicated silently, via the internet, to a remote attacker.
Like all successful scams, the latest take advantage of people's naivety and trust, using the simplest of ideas. These scams, and identity theft problems in general, are neither new nor confined to internet users - it's just that the internet has opened up a new set of opportunities for theft.
Swift Call has been closely monitoring the evolution of these
attacks and has been working to address the issues in a timely
and cost-effective manner. As part of this process Swift Call
has developed a Second Factor Authentication system that uses
our proprietary Factor2™ Personal Icons security system
and optional VASCO Token-based,
One-time Passcodes. In short, a set of techniques that does
not rely entirely on the users' own ability to protect their
data.
As an added benefit to our financial institution customers these capabilities are available through a fully hosted
service making implementation fast and economical.
These additional techniques do not obviate the need for better end-user education about the environment in which they are working, and the reinforcement of the need for vigilance in the protection of their own computer systems, networks and passwords.
Indeed, as the latest spate of attacks suggests, it is only a matter of time before another vulnerability in the chain of people, systems or equipment will be found and exploited.
The need for these new levels of security comes on top of other security provisions needed to protect access to the financial institutions' computer systems and networks on which the customers' details are maintained.
To help address the issues Swift Call has produced a document that details the nature of the phishing scam and spyware, describes a range of approaches to its control and sets out Swift Call's solution. This is available on request.
|
