As the number of identity theft “phishing” scams targeting major banks in Europe, North America and Australasia reaches 20 in less than a year, the mi2g Intelligence Unit predicts greater regulation from central banks and financial services authorities by 2005 that will restrict or outlaw password-only authentication techniques for online banking on the basis of “unsafe practices”. The next generation of electronic banking will rely on deeper layers of authentication that couple passwords with biometric security and smart card authentication.
The prevalent “phishing” scams invite unsuspecting users to click on hyperlinked buttons to update their passwords and personal details, and then guide them to bogus web sites with a look and feel nearly identical to that of the original bank site. The scams aim to usurp the identities of legitimate banking or credit card customers in order to carry out financial fraud. The success rate of phishing scams has risen from 0.1% on average to 0.5% in the last six months. For over five million online customers that translates to a response from 25,000 users. Subsequently, all five million customers must be alerted by the victim bank about the phishing scam(s) presently underway. In some instances the genuine web site has to be made inoperable for several hours or even days whilst the targeted bank investigates the extent of the financial fraud and related losses.
Although the response of the victim banks is getting faster as illegal web sites are identified and shut down, new phishing scam techniques and browser redirections are making it virtually impossible for an unsuspecting user to distinguish between a bogus and genuine web site.
Many affected banks have capped daily payments on personal accounts to between US $500 and $750 in an effort to protect customers who have been duped into revealing their security details at false bank internet addresses. This limits the capability to transfer large amounts online for several days in the immediate aftermath of a phishing scam. Loss of trust in online banking and associated anxiety have already begun to emerge amongst some of the electronic banking users worldwide.
The list of major banks that have been targeted by phishing scams in the last twelve months now includes:
USA (5): Bank of America, Banknorth Group, Citibank, First Union Bank and VISA
UK (5): Bank of England (Central Bank), Barclays Bank, Lloyds TSB Bank, Natwest Bank (owned by the Royal Bank of Scotland), Smile Bank (part of Co-operative Bank)
Australia & New Zealand (5): Australia and New Zealand (ANZ) Banking Group, Commonwealth Bank of Australia, National Australia Bank, St George Bank and Westpac Banking Corporation
Canada (2): Bank of Montreal and Desjardins Bank
Spain (1): Banco Bilbao Vizcaya Argentaria (BBVA)
Hong Kong and Singapore (1): DBS Bank
Latvia (1): HansaBanka
Banks are not the only targets. Government agencies like the Federal Bureau of Investigation (FBI) in the US, major corporations, eCommerce/information portals and their associated payment systems have also been targeted by the sophisticated identity theft scams, including: Amazon, AOL, Best Buy, Discover Card, eBay, Earthlink, Paypal, SwiftPay and UPS.
“The elaborate nature of these scams covering three continents suggests the likely involvement of global crime syndicates, some of which are known to be more internationally diffuse than the banks being targeted,” said DK Matai, Executive Chairman of mi2g. “Our R&D shows that modern authentication technology can solve this problem given the will to deploy it.”
Hackers and sophisticated spam with Trojans or key-logging software originating from China, Nigeria, Brazil, Russia and former Soviet Union countries have been shown to be involved in carrying out some of the phishing fraud campaigns. Given the targeted nature of some of the email scams, which only affect specific online customers of a bank, senior executives of some of the victim banks suspect employees within their organisations are knowingly or unknowingly involved in passing customer contact details.
The mi2g Intelligence Unit estimates that worldwide economic damage for 2003 from phishing scams exceeded US $5.2 billion. This includes productivity losses, global brand damage repair and the cost of hardware and software upgrades at the server and client level.
