The spiralling number of cases of "phishing" email scams, a practice which involves computer hackers luring consumers into handing over their internet banking passwords unwittingly, could be tackled by the banks, according to a leading web security expert.
(PRWEB) December 4, 2004 -- Reacting to a report by the Anti-Phishing Working Group, which highlighted that six-and-a-half-thousand new types of phishing email had circulated around the internet in October - three times higher than in the summer - John Rainford, Chief Executive Officer at internet security specialists PassGo Technologies, said there is cost-effective software already developed which would safeguard against consumers' password details being passed on to the hackers.
Says Rainford: "At the moment the emphasis is on the consumer being careful and vigilant about emails they receive which appear to come from their banks asking for their password information. However, there is a new form of email being sent by the cyber criminals, which when opened can monitor where people go on the internet and which passwords they use. Therefore it doesn't matter how careful the consumer is, hackers are finding a way round this.
"The good news is there is already an answer, which the banks need to consider if they wish to reassure customers about the security of their internet banking services. Just as important, it will help the banks save potentially millions of pounds on online banking fraud claims made by customers."
Rainford says: "The problem is that consumers currently have one password. By using an authentication software solution - which is already on the market in the form of a keyring device called a "token" and used by businesses to stop hackers gaining unauthorised access into their corporate networks - the password of an online banking user can be constantly changed every thirty seconds. The password is valid only once, and can never be used again. By giving the customer the means of having their own automatically changing password, it renders useless any password stolen by a password thief."
Some European banks are already using such authentication devices, which are distributed to clients. However, this raises the issue of the cost of implementing such a solution for thousands of customers.
However, according to Rainford, users can be equipped with authentication software online by the bank, eradicating the need to distribute tokens to all of their customers. Other techniques include an innovative scratch-card password system for banks to issue to their customers. This involves each customer being provided with a scratch-card consisting of 100 unique passwords, which would match those stored on the bank's server. Customers then scratch off each password in a certain order, and the software will alert the bank regarding any passwords that are used in the wrong order.
How It Works
The authentication software comprises an individual "seed" - a file that is associated with the software - which is contained within a small key ring device called a token. These seeds would be stored on the bank's security server. When the user wanted to gain entry to an online banking account, they would simply click on their authentication software token and a password would be provided. This would match with the records on the bank's server, containing the user's password details, to ensure authorized access. The next time the user went onto their online account, they would automatically be given another password from the authentication device.
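The seed-and-token check described above, sketched as an added example that is not PassGo's code or part of the original release. The release does not name the algorithm, so HOTP/TOTP (RFC 4226/6238) stands in for it; `BankVerifier`, `one_time_password`, the user name and the sample seed are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds between password changes, the interval quoted in the release


def one_time_password(seed: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226) value for one time step; a stand-in for the vendor algorithm."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation picks 4 bytes of the MAC
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class BankVerifier:
    """Hypothetical server side: holds each user's seed and the last step used."""

    def __init__(self, seeds: dict[str, bytes]):
        self.seeds = seeds
        self.last_step: dict[str, int] = {}

    def verify(self, user: str, password: str, now: float) -> bool:
        seed = self.seeds.get(user)
        if seed is None:
            return False
        step = int(now) // STEP
        # Accept the current step and the previous one to tolerate clock drift.
        for candidate in (step, step - 1):
            if candidate <= self.last_step.get(user, -1):
                continue  # step already consumed, so a captured password is useless
            expected = one_time_password(seed, candidate)
            if hmac.compare_digest(expected.encode(), password.encode()):
                self.last_step[user] = candidate  # burn this step and all earlier ones
                return True
        return False


def demo() -> list[bool]:
    seed = b"12345678901234567890"  # constructed sample seed (RFC test key)
    bank = BankVerifier({"alice": seed})
    shown = one_time_password(seed, 59 // STEP)  # what the token displays at t=59
    return [
        bank.verify("alice", shown, now=59),   # genuine login
        bank.verify("alice", shown, now=59),   # phished copy replayed in the same window
        bank.verify("alice", shown, now=200),  # phished copy replayed after expiry
    ]


if __name__ == "__main__":
    print(demo())
```

The server must record the last accepted step per user; without that, a password captured by a phishing page stays usable until its 30-second window closes.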
PassGo has been developing software solutions to combat such potential breaches of Internet security. In 2003 PassGo was in Software Magazine's Top 500 List of the world's foremost software companies. www.passgo.com
# # #
Source : http://www.prweb.com/releases/2004/12/prweb184940.htm