US Department of Defense sponsors Open Source conference


Note for all Bank CTOs – US DoD are looking carefully at Open Source, with suggestions that they are already using it. Matt’s comments are illuminating for Banks.

U.S. Department of Defense announces open-source conference | The Open Road – The Business and Politics of Open Source by Matt Asay – CNET Blogs

It should be fascinating to see how much open source is being used in the world’s most finicky IT buyer. If open source can meet the performance and security demands of the U.S. Department of Defense, surely it can enable more pedestrian uses of technology…like selling widgets …

China’s ambitions extend to crippling an enemy’s financial, military and communications capabilities


Military intelligence is not normally for this blog, but there is an undercurrent in this new military front that is directly aimed at Banks and financial services. No doubt our side is developing those same capabilities, but the prospect of being pawns, and the customer disruption prospect, is real. All the more reason for Banks to develop multiple channels, and have a mobile strategy that might be their main customer contact point in a crisis.

“China’s ambitions extend to crippling an enemy’s financial, military and communications capabilities early in a conflict”

The extent of the work in this area is astonishing, …

HSBC investigates ‘out of band’ authentication for Web users


I applaud HSBC and Abbey National for not being lemmings on the European push to chip and pin for online banking. It's actually not just Europe, with some Canadian examples I am familiar with thinking the same way.

Finextra: HSBC investigates ‘out of band’ authentication for Web users

HSBC and Abbey have so far opted-out of the national banking industry push to supply online account holders with Chip and PIN-style home banking technology. Such systems are considered vulnerable to man-in-middle attacks and require the consumer to carry a personal card reader at all times.

Unparalleled onslaught against online banking taking place


In what is described as an unparalleled onslaught against online banking, criminals are attacking Italian web sites, in an effort to steal online banking identities. Trojan attacks are not new, but experts say the scale of the latest onslaught is unparalleled, as is its focus on established websites to steal banking identities. “This is a paradigm shift. We can expect to see this kind of thing being replicated now for the next five or six months,” said David Perry, a director of another west coast web security firm, Trend Micro. Source: Guardian The attacks involve downloading a keylogger onto customers …

Lloyds breaks one of the taboos of Banking


Lloyds admits one of the secrets no-one wants to talk about. Most fraud and stealing occurs from employees and internal sources. The bank has bought a new generation of super-smart computer software that will enable it to keep better tabs on its 67,000 staff. The computer program will monitor 75 million transactions a day by branch and call-centre staff in an attempt to identify suspicious patterns and nail the culprits. Source: The Times In particular, the matter of criminal gangs integrating into call centres is a fact of today, and Lloyds are choosing to go public with their efforts to …

Cyber war – Estonia shut down, including focus on Banks


Estonia is a highly evolved internet marketplace including Government services, tax filing and various forms of ecommerce. A political situation involving the taking down of a Soviet statue has resulted in mammoth cyber attacks, which sound like denial of service attacks against the Estonian internet infrastructure. The cause is allegedly inside Russia, which has denied involvement, but the results involved computers from around the world.

The Russian government has denied any involvement in the attacks, which came close to shutting down the country’s digital infrastructure, clogging the Web sites of the president, the prime minister, Parliament and other government agencies, …

A frightening new account attack


This attack method is frighteningly simple. The bad guys ping account numbers until they are successful in making contact with a legitimate account. Upon successful identification of an account the bad guys can debit the account. This highlights an apparent flaw in the US ACH system.

the scammers appeared to be taking advantage of validation weaknesses among businesses using the automated clearinghouse (ACH) system, a private electronic payment network that links banks with one another via the Federal Reserve. The network is used by banks to process large volumes of payroll, credit and debit card transactions, but it also facilitates …

Two-factor authentication is not well understood


I worry about the perception created by HSBC and Abbey. It's assumed that two factor and tokens are synonymous.

The notion that HSBC and Abbey will become front-line targets for the fraudsters is supported by evidence presented in this paper, ‘Closing the phishing hole’, by Ross Anderson, professor of security engineering at Cambridge University.

Two factor requires that there is a second level of authentication, beyond username and password. For sure I know Abbey have deployed Passmark; HSBC, I am guessing, have too, or something similar. Passmark uses the forensics of the customer's computer as the 2nd factor. It works like …

Online banking users value security before convenience – Javelin


A new survey from Javelin, reported on here at Networkworld, concludes something that should be of no surprise given the identity theft issues over the last 3 years in particular, and the visibility in the media to the problem.

Stephen Knighten, a statistical analyst at Javelin, said: “We identified an important shift in what concerns consumers most about banking online. ….. the financial services industry must go beyond zero liability protection and offer more comprehensive identity safeguards to gain the trust of consumers”

Source: Online banking users value security before convenience – Network World

I remember thinking and debating back in …

The PayPal Security Key – PayPal


PayPal have gone mainstream with the addition of a security token, for 2nd factor authentication. They charge a one-time fee of $5. Hat tip Nishad.

We protect your PayPal account with one of the highest levels of online security available. Now you can add even more protection with the PayPal Security Key.

Source: The PayPal Security Key – PayPal