* Posts by @ValidSoft

2 posts • joined 29 Jul 2013

New online banking Trojan empties users' wallets, videos privates


Combating global cyber crooks

Fraudsters are using new and improved Zeus and SpyEye malware like Hesperbot to infiltrate people’s computers, enabling them to steal their personal details so that they can siphon large amounts of money into their own bank accounts. This isn’t the first time that malware has conquered innocent victims’ computers, but what is more malicious about the new version is that money transfers are automated. Criminals are evolving with technology and targeting cloud-based servers.

Fraudsters needn’t lurk around the internet and wait for people to log on to their bank accounts anymore (classic Man-in-the-Middle type fraud); instead, with the process computerised, criminals can now drain bank accounts more quickly and efficiently, making it even more difficult to detect.

Organised criminal gangs are tactical and ambitious, targeting high net worth individuals and business accounts with large sums of money.

The real worry is the sheer scale of this global problem that we are dealing with, which is now a major core revenue generator for organised crime.

Perhaps what the security industry needs to admit is that, alongside efforts to prevent fraud, the industry needs to focus increasingly on detection, and what it can do is make it very difficult for fraudsters to actually use the stolen data to access bank accounts.

As I’ve said before, two-factor authentication is no longer viable. The industry needs to move towards a multi-layered approach to authentication, using a mix of visible and invisible layers such as voice biometrics. Also, detection needs to work in real time so that victims and their banks are alerted to attacks immediately and thereby given the chance to prevent it from happening, saving them the inconvenience of being out of pocket and their banks from the costs of fraud investigation.

'World's BIGGEST online fraud': Suspect's phone had 'location' switched on


USD 300 million and rising, will security catch up?

The breaking news from the US indicating that over 160 million credit and debit card numbers have been stolen, whilst not unpredictable, is still quite staggering. Early estimates suggest around $300 million has been stolen, but this figure looks likely to increase dramatically.

It appears that a group of criminals utilised malware to infiltrate large US companies and over time steal payment-related data, which was then passed on to a second group, who inserted this data on to magnetic stripes to clone bank cards and completed the fraudulent transactions by either withdrawing cash from ATMs or making purchases.

Securing data is now at the forefront of many financial institutions’ minds, and as the methods by which hackers compromise our personal information become more sophisticated, so must our approach to security.

Every time that a fraud hits the headlines there is naturally a huge focus on how the crooks got hold of all those personal banking details. But there is often less attention given to how they were then able to use the customer details to extract money from customers’ bank accounts.

Unfortunately, fraudsters will always find methods to compromise our personal data. While that in itself is a major concern, the solution lies in ensuring the abuse of such data can be detected and prevented. The key lies in real-time detection, prevention and immediate resolution enabled by the empowered customer. Technology is available today to absolutely achieve this, in real time, totally privacy sensitive, highly secure and yet totally intuitive from a customer standpoint. In fact, in many cases the customer is not even aware that security is being applied, as many of the techniques used are completely invisible. The answer is robust customer authentication and transaction verification, relative to the bank’s perceived risk of the transaction. It must have speed (real-time), strong security, efficiency, good customer service and ease of use, while shutting down the scope for fraudsters to benefit from their crime. Similar stories (while on a smaller scale) have been publicised for over a decade, and invariably the issues remain the same. Surely it is now time for financial institutions to step up and utilise effective security systems that can protect against such massive theft of payment credentials and the inevitable fraud fall-out that has already occurred and will continue for some time to come.

