Microsoft's Bill Gates has warned that PCs were never designed as a secure means of conducting sensitive commercial transactions. As such, the advent of internet banking has been both a blessing and a curse; the curse takes the form of phishing scams or virus infections, both with the objective of tricking the unsuspecting into handing over their banking account numbers, passwords and Personal Identification Numbers (PINs). Banks are avoiding publicity about online banking fraud to protect consumer confidence, especially since they are making huge profits by going online. The costs are much lower than having a physical presence, so it's in their interest to promote the idea that it's easy and safe and to play down the risks.
As a result, despite the fact that card and payment fraud losses at a European Union level have been estimated at up to USD 1.4 billion annually, it is quite easy to see why more and more people are embracing internet banking. Not only is it easy to use, but its round-the-clock availability has scored highly in consumers' books. According to Apacs, the UK's payments association, online banking has grown by 174 percent since 2001 to reach 17 million online banking users. But what makes them take the risk? Online auction house eBay did a study in Australia and the results were alarming. A staggering 93% of internet users don't even know what phishing is and 72% engage in online behaviour that puts them at risk of an online scam. They say ignorance is bliss but in this case, it can also burn a mighty big hole in your pocket.
What could pose an even bigger problem is the fact that phishing scams are becoming increasingly sophisticated. An internet security report from security software developer Symantec reveals an 18% rise in phishing messages in the last six months of 2006. Many use accurate logos and trigger words such as 'security breach' and 'account suspended' to prompt a response. Experts admit that global cyber threats are becoming more advanced, with new malware that can penetrate a person's entire computer system. And the list of high-tech scam tactics gets even scarier.
NEW TACTICS
In 2006, Citibank in New York became the first victim of a man-in-the-middle attack. These attacks on banks intercept real-time transactions to swipe funds: victims are directed to convincing proxy sites where the fraudster captures their password and then passes it through to the real banking site to manipulate fund figures, for example changing a USD 60 withdrawal to USD 500, which the user and the bank can't see.
It was a shocking breach for a bank using two-factor authentication - the current industry standard that requires customers to prove their identity twice; first with something they know and then with something they have, such as a security token or unique code. In the Citibank case, a Russian gang used a fake URL to record the one-time passwords, which last only a minute, putting USD 1 trillion of assets in danger. Citibank managed to intercept the attack and shut down the 30 illegal phishing sites before any money was stolen. Consumers say that if banks such as Citibank can be hacked into, there's not much chance for the average person, which is why business needs to insure consumers against loss.
Many experts believe that fraud moves rapidly across types of business and geographies, and that it is learnt and passed from one part of the world to another. Another troubling indication is the rise of sinister bots or zombies - unsecured computers that are hijacked by criminals to do their dirty work for them. There are more computers online all the time and if they're not adequately protected, they're susceptible to becoming bots. In Australia, one zombie army was found to have 400,000 computers under its power while in the Netherlands, another was in control of 1 billion computers, putting millions of personal details into the wrong hands.
In 2006, police in Australia brought down one phishing ring that robbed 61 Australians of more than USD 600,000 and a year later, arrested an 18-year-old New Zealand-based hacker for allegedly leading an international botnet hacking ring called the A-team, responsible for the control of 1.3 million from USD bank accounts. The mastermind could face up to 10 years in prison. He is reported to be assisting the FBI in its investigation - Operation Bot Roast - to bring down botnet attacks, which FBI director Robert Mueller described as "the weapon of choice for cyber criminals".
FIGHT AGAINST FRAUDS
So what is being done on a grander scale? Microsoft researchers say there's a battle being waged between attackers and defenders of computer systems with virtual machine-based rootkit programs, which download automatically through infected websites, giving a hacker total control over your computer by working invisibly underneath the operating system. In an attempt to stay ahead of criminals, the company has been trying to create scams to see whether it can defend itself.
Symantec's technical product manager Robert Pregnell says the latest version of its anti-virus software uses five different security technologies, including behaviour-based monitoring, to intercept scammers. But he says anti-virus protection is no longer enough to keep us safe. "Good practice online, like not using the same password everywhere or asking yourself, 'Do I know this person and did I expect this email?' is as effective as the best technology you can buy," he said.
There are those who believe banks are partly to blame for online banking fraud by failing to raise enough awareness and, as such, banks may be pushed to issue warnings about internet fraud in their bank statements to customers. In truth, banks spend hundreds of millions each year in a cat-and-mouse fight between online security and fraudsters. In spite of better security technology, consumers remain the weaker link because despite everything that banks can do and are doing, the ultimate solution rests with the individual consumer. Security just has to become a habit. That means updating anti-virus and anti-spyware daily, checking that it's working and educating the entire family, including children, about risks and protection.
What's important to note is that online banking customers are safe from any criminal activity as long as they keep their computer virus-free. This point has been reiterated time and again. An expert from the financial services industry has said that internet banking is as safe as doing anything else on the web. HSBC spokesperson Nick Staib remarked that purchasing goods over the internet and booking flights are activities that consumers normally do, which involve them typing in their card details. Online banking is as safe as these activities as long as there are no viruses on the computer, he commented. "If there is no Trojan or spyware on your computer then it's actually perfectly safe doing online banking."
The question remains though: is internet crime scaring away online bankers and shoppers? Apparently not. The number of users of online marketplaces is steadily increasing. For instance, in just seven years, eBay's Australian membership has grown to five million users. And more customers are choosing to bank online. Experts believe consumers ultimately hold the key to defending their own wealth. Although there's not a computer connected to the internet that would be 100% secure, the use of anti-virus, anti-spyware and firewalls is a critical part of raising the bar.
Microsoft's new operating system, Windows Vista, has at least addressed user access control with its BitLocker Drive Encryption, which protects data on the hard drive if your computer is lost or stolen. The bottom line is that, at present, internet banking is safe as long as you take the necessary precautions. Let's just hope that by the time a newer and more sophisticated scam tactic emerges, we are all equipped and prepared to win the fight, and at the same time keep our money.
BEAT THE SCAMMERS
* Never access internet banking accounts through hyperlinks embedded in emails, suspicious pop-up windows, or internet search engines.
* Access bank accounts by typing the website address into the address bar of the browser or, even better, by bookmarking the genuine website and using the bookmark to access the site.
* Install and keep up-to-date anti-virus software (new versions include anti-spyware/adware) and a firewall. Tick the 'automatic update' box for daily updates.
* Consider a separate credit card account with a low credit limit for online transactions.
* Choose a secure password with both letters and numbers and change it regularly.
source: am magazine