Fixing Security Flaws Won't Save Online Banking Customers

Published 15th August 2006

Research from Cardiff University has revealed that around 3 million online customers of HSBC may be vulnerable to fraudulent attacks. This is because HSBC has failed to patch a security vulnerability known to the bank for the past two years. Online customers at the bank are allegedly being targeted by cybercriminals who use 'keyloggers' to capture data in order to access online accounts at a later date and steal funds.

Commenting on the security flaw, Andrew Moloney, senior product manager at RSA Security's consumer solutions division, said: "HSBC has been heavily criticised for not addressing this flaw, but I don't believe this criticism is valid. No banks' systems are 100% secure, and even if every flaw was patched immediately this would not mean that online banking users were safe from fraudsters - far from it.

"Online fraud attacks rarely rely on technology flaws, they flourish because of the one flaw that cannot be addressed by a security patch - the user. This means deploying proactive measures to thwart online fraud attacks before they proliferate and using technology that is intelligent enough to recognise anomalies and inconsistencies in a user's online behaviour. User education is also crucial

We work with most of the financial institutions in the UK and one thing is clear: they are putting up a concerted fight against online fraud. Most banks have more than one layer of security in place and many more are taking advantage of the sophisticated solutions now available to help fight internet fraud. Banks like HSBC have to prioritise and devote their efforts to employing the most effective defense against online fraud - simply patching security flaws is not the answer."







Company Profiles powered by ITReseller.com