Most Read
- The Urgency and High Price of New Cost Basis Reporting Law
- Algo Traders Connect To Twitter
- Wall Street Eagerly Waiting for Carbon Credit Trading
- The Bigger Questions Post Madoff
- Silver Lake’s Hutchins Touts the Cloud, Social Networking as Mega-Trends
- CME Revs Up for Surge in Carbon Credit Trading
- NYSE Divulges More Details About Its New Data Centers
- Market Data Priorities Shifting from Low Latency to Low Cost
Banks Must Heighten Security Following New Round of Attacks
A security expert says financial institutions must adopt a strong multi-factor security solution, which can protect them from all kinds of online attacks and do not need to be re-written when a new threat is identified.
"There is a growing number of attacks that are still able to successfully target banks' authentication when security hasn't been ramped up to a high enough level," says Tim Renshaw, VP at security vendor TriCipher.
His comments follow reports of a new attack against 400 banks by a Trojan program which circumvents two-factor authentication.
The Trojan can intercept transactions and silently change the user-entered destination bank account details to the attacker's details instead. Banks under attack include large U.S. institutions, as well as banks in the UK, Ireland, France, Finland and Spain, among others.
Renshaw warns that additional banks could be attacked by the same Trojan in the coming days. "The Trojan has an update functionality. So it could be a different 400 banks next week," he says.
The Trojan can also escalate its level of complexity to match the level of security of a targeted bank. If a transaction can occur at a bank using just a username and password, or if cookies are required to log-on, then the Trojan will steal this information, Renshaw explains.
In order to prevent attacks like these, banks must build security solutions that can address a broad gamut of attacks, so you're not constantly having to update, he says. Threats include phishing or pharming attacks, which direct a customer to a bogus server that completes the connection to the bank's server – and more recent man-in-the-middle attacks, which can modify customer-generated transactions or generate new transactions.
"There's always the man-in-the-middle attack of the day," Renshaw contends.
"But at the end of the day all these attacks are of the same type. They're no different from someone calling my granny and conning her out of her personal information over the phone."
Tricipher itself provides Armored Transactions, a solution that works by displayingn details of each transaction, which users then verify. Users need only enter passwords and click a mouse, but TriCipher says its PKI-based technology digitally signs the transaction through a separate secure connection, legally proving that the user authorized the transaction.
Posted by Melanie Rodier at 01:50 PM
This is a public forum. CMP Media and its affiliates are not responsible for and do not control what is posted herein. CMP Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.
Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of CMP Media LLC and may be edited and republished in print or electronic format as outlined in CMP Media's Terms of Service.
Important Note: This comment area is NOT intended for commercial messages or solicitations of business.
Greg MacSweeny Columns
Greg MacSweeneyBondDesk Selects Progress Apama CEP Platform to Deliver Real-Time Analytics & Decision Support
BondDesk will use Progress Apama's CEP platform within the BondDesk ATS.
Wall Street Firms Eye Cloud Computing to Help Counter Budget Challenges
IBM Demonstrates Cloud Computing and Low Latency Messaging at SIFMA 2009
Fidessa LatentZero Extends Asset Class Coverage For Derivatives
Larry Tabb Columns
Larry TabbThe Odds of Exchange Migration
Though it may seem like a quick fix, migrating OTC products to exchanges is a process frau...
OTC, Central Clearing or Exchange-Traded: Choosing the Right Path
Divining the Future of Professional Media in a Web 2.0 World
CHECK THIS OUTMake your organization more efficient and customer focused. Visit the Transaction Lifecycle Management Site today! Featured White Paper |
EventsLive Events:Advanced Trading's Buy-Side Trading Summit November 15 - 17, 2009 |
|
Marketplace |
Career CenterReady to take that job and shove it?
|
Most Recent Job Posts:
* Kforce seeking Collector in Getzville, NY
* KForce seeking Health Information Management Directors in San Francisco, CA * KForce seeking Health Information Management Directors in New York, NY * Apollo College seeking Program Director in Albuquerque, NM * Amalgamated Bank seeking Chief Information Officer in New York, NY For more tech jobs in the industry, visit Wall Street & Technology's Career Portal. |
























