Phishing, pharming, spyware, viruses, spam and spear phishing are only some of the threats that banks and we, the ordinary people, face!
Money is the easily usable, convertible, valuable material we all own (well, some of us have more than others, and they should learn to let the human race benefit from it by being good citizens and contributing to our good charities... sorry, couldn’t resist), and money is what the majority of the above attacks are used for by fraudsters and, now, organized crime! In the 90s, organized crime was stealing credit card slips from restaurants when people paid with their credit cards. This is like “ambushing” your credit card. It is just what you would do if you were the head of organized crime: identify the weakest point in your victim’s transaction or action and ambush him there. That’s how convoys used to get ambushed by bandits in the old days: by identifying the most vulnerable point. It’s not that easy to steal your credit card information or your bank details by coming and taking them from you physically (even though I am sure this happens frequently with pickpockets etc.).
We have a new vulnerable point now that we exchange our “valuable information” online, whether for credit cards or banking; this is where the “bandits” (organized crime) are sitting and waiting to ambush us! The Internet removed the need for “proximity”: a person in Eastern Europe is as close to you as your next-door neighbour as far as the Internet is concerned. We are all connected to the same net. Unlike the good old days, when you could only be ambushed by local bandits or fraudsters, now, thanks to the Internet, the doors are wide open to any and every bandit from around the world! Don’t get me wrong, I love the Internet and it’s an amazing tool for the human race, but we should understand its vulnerabilities and fix them.
So why is this the weakest point, then? Well, for one, the number of people who can ambush you has grown exponentially, from your local bandit to the bandits of the world! Secondly, there are literally non-existent levels of authentication of who and what you are dealing with.
Now a good chunk of us use the Internet for many reasons, including banking. Let’s be honest, it’s darn easier to click and get a financial transaction done than to go to your local branch! So organized crime, knowing that this is the weakest link, and knowing that the ROI on their fraud is getting better and better as we all slowly move on to the Internet, is investing in new tools and creating more sophisticated attacks and ambushes for us all!
It’s all well and good for us to answer a challenge when our bank presents it to us so that we can verify ourselves, but what is there to say that we are entering this challenge on the “legitimate bank site”? We don’t know. Some have even suggested that we let users choose a graphic only they know, so that we can present it to them when they log in to the site. But hang on a minute, doesn’t the bank have to identify the user before it can show that specific graphic? And what is there to stop a Man in the Middle (MIM) from luring you to their website, pretending to be your bank, asking for your username, and in the background giving that username to the bank so that the bank displays the graphic that “you chose” for the MIM to show to you? This is a simple MIM attack which does not take much programming!
The problem we all still face is our “inability” to verify what we see on the Internet! That is the problem we must solve. Showing the end user something they have chosen as their graphic to validate the website is flawed. We must add “Authentication” to the “Content” we rely upon!
Melih
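The flaw in the chosen-graphic check described above can be modelled in a few lines. This is an added example, not code from the original post: the class names, the account and the image names are all constructed, and the model assumes the bank serves the graphic once a username is supplied and before any password. It goes one step beyond the text by also including a look-alike page with no link to the bank, which is the only case the graphic catches.

```python
# Added model of the site-image check; all names and data are constructed.
class Bank:
    def __init__(self, images):
        self.images = images          # username -> image the user chose
        self.image_requests = []      # (username, requester) seen by the bank

    def image_for(self, username, requester="user-browser"):
        # The image is served before any password is entered, so the bank
        # cannot tell the real user from anyone who knows the username.
        self.image_requests.append((username, requester))
        return self.images.get(username, "default.png")


class StaticClone:
    """Look-alike page with no connection to the bank."""
    def image_for(self, username, requester="user-browser"):
        return "default.png"


class Relay:
    """Look-alike page that forwards the username to the bank (the MIM case)."""
    def __init__(self, bank):
        self.bank = bank

    def image_for(self, username, requester="user-browser"):
        return self.bank.image_for(username, requester="relay-server")


def user_trusts(site, username, expected_image):
    """The only check the user can make: is my chosen image on the page?"""
    return site.image_for(username) == expected_image


def evaluate():
    bank = Bank({"alice": "red-kite.png"})
    sites = {"bank": bank, "static clone": StaticClone(), "relay": Relay(bank)}
    verdicts = {name: user_trusts(site, "alice", "red-kite.png")
                for name, site in sites.items()}
    return verdicts, bank.image_requests


if __name__ == "__main__":
    verdicts, requests = evaluate()
    for name, trusted in verdicts.items():
        print(f"{name:13} user sees own image: {trusted}")
    print("image requests seen by bank:", requests)
```

The user's check gives the same answer for the bank and for the relay, so the graphic says nothing about which site rendered it.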