Sophisticated Web Attacks Force Banks to Re-Think
The sophistication of increasingly widespread fraudulent techniques such as Man-in-the-Browser attacks is forcing financial institutions to re-assess how they fight electronic fraud.
Authentication of the user, regardless of the strength or technique used, can't prevent these sophisticated attacks, says Validsoft, a provider of authentication and transaction verification solutions.
With Man-in-the-Browser attacks, once a computer has been infected, the malicious code is triggered when the web user visits his own online bank site.
This type of malware can retrieve information - such as login and password - that is entered by the web user on the real web page of the bank site by intercepting the HTML code on his web browser.
A financial transaction can then be diverted to a fake or overseas account in real time, without the bank client ever realizing that the transaction has been corrupted.
"To counter these attacks, banks must have out-of-band transaction verification (the ability to verify the integrity of the transaction content itself), which is the most effective method, in addition to strong authentication," says Pat Carroll, CEO of Validsoft.
In this case, even if a criminal takes over a PC, the bank can stop a criminal in his or her tracks by phoning the user to verify the transaction.
That way, the bank is using two different channels - phone and PC - to communicate with the client. It is highly unlikely that a criminal would compromise both these channels.
Melanie Rodier has worked as a print and broadcast journalist for over 10 years, covering business and finance, general news, and film trade news. Prior to joining Wall Street & Technology in April 2007, Melanie lived in Paris, where she worked for the International Herald ...