Security tokens could counter Aussie banking fraud

Security tokens with PIN numbers that change every 60 seconds could be the answer to the recent wave of internet banking fraud attacks that has plagued Australia over the last year.

The problem of phishing has been on the increase worldwide for some time. In 2002, the US Federal Trade Commission (FTC) reported that identity-theft complaints were the most common fraud complaint reported by US consumers, accounting for 43 percent of the total number of complaints.

OzEmail, eBay and leading banks in Australia, such as Westpac, have all been hit recently by these fraud attempts. The attacks are on the increase, but RSA Security's vice president for Asia-Pacific, Richard Turner, said that the banks' protections are not enough. "The scams being used are designed to get customers to provide their user ID and password for internet banking. False sites have been set up so that hackers can track the keystrokes made by the customers and use them later to access their accounts. Banks are doing a better job of educating their customers about the risks, but this better communication is not enough alone.

"We need a two-factor authentication system in place to stop this fraud, such as the process at cash machines. The first form of authentication is made through the user inserting the card. The second form is made through typing in the PIN number. The security token idea would create the second form of authentication with internet banking. The token is about the size of a key fob, with an LCD screen, and it shows 6 numbers that constantly change every 60 seconds, in tune with a server based at the bank. So the user constantly knows what his/her latest PIN number is by looking at the token, and this is registered automatically with the bank at the same time when the user needs to do internet banking."

The problem with the current system is that if a fraudulent person gets access to a bank customer's username and password, they can use it until the breach has been realised. With a security token, however, the fraudster's knowledge of the PIN expires every 60 seconds.
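The expiry behaviour described above, as an added example that is not part of the original article: a bank-side check of a six-digit code that changes every 60 seconds. It uses the open TOTP standard (RFC 6238) as a stand-in, because the article does not describe the algorithm inside RSA's tokens; `code_at`, `BankVerifier` and `replay_outcomes` are hypothetical names, and the secret is the published RFC 4226 test value.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds each code stays valid, as described in the article
DIGITS = 6   # digits shown on the token display


def code_at(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the 60-second window containing unix_time."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class BankVerifier:
    """Server side: shares the token's secret and remembers the last window used."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_window = -1

    def verify(self, submitted: str, now: int) -> bool:
        window = now // STEP
        if window <= self.last_window:
            return False  # a code was already accepted in this window: no reuse
        # Simplification: only the current window is accepted (no clock-drift allowance).
        if not hmac.compare_digest(code_at(self.secret, now), submitted):
            return False  # wrong code, or a code from an earlier window
        self.last_window = window
        return True


def replay_outcomes():
    """Constructed scenario: one code is submitted three times, then a fresh one."""
    secret = b"12345678901234567890"  # RFC 4226 test secret, not a real seed
    bank = BankVerifier(secret)
    captured = code_at(secret, 65)  # code on the display at t=65
    return [
        bank.verify(captured, 65),                # first use inside its window
        bank.verify(captured, 70),                # reuse inside the same window
        bank.verify(captured, 125),               # use after the window closed
        bank.verify(code_at(secret, 125), 125),   # current code from the token
    ]


if __name__ == "__main__":
    print(replay_outcomes())
```

Unlike a static password, the same code is rejected both on reuse and once its window has passed, while the token holder's current code is still accepted.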

The token has also been specially designed to resist reverse engineering, so a fraudulent person cannot keep track of the changing PIN numbers.

This system is already in place at Westpac, where it is used for specific business customers to exchange large amounts of money, but it is not yet available for general customers. It is also used by a number of companies to allow their employees to access email from remote locations. RSA Security provides these tokens to over 1000 clients in Australia.

Turner believes it is only a matter of time until these security tokens are rolled out for public use. "We will see an increase in frauds if this system is not adopted into internet banking soon. The cost of insurance will eventually become too much for the banks. It will be like insuring a 19-year-old for a Porsche. But I believe that as the banking industry matures and realises the risk, the tokens will eventually become common practice voluntarily, if not due to legislative and industry standard guidelines."
