Gartner Analyst: "Are These Banks Asleep at the Wheel?"

Avivah Litan, Vice President of Research at Gartner Inc and distinguished analyst, was recently interviewed by Linda McGlasson of the Information Security Media Group to discuss fraud trends in banking. What follows are excerpts from the transcript available on's web site.
criminals are now focused on cross-channel fraud [...] they are getting better at figuring out how to call call-center operators and get their way through accounts using information that they gather on the internet to commit different kinds of fraud
they've been studying these bank websites, and they probably know more about how particular bank security works than many people at the bank themselves [...] They know how many seconds it takes for them to prompt users for authentication credential. So they've just gotten really good, some of them, at knowing how to penetrate bank security by studying them, copying them and figuring out how to socially engineer their customers to get through any of the security controls that are there.
The bottom line is all these factors [single factor, two-factor authentication] are going through the user's browser, and nothing is safe going through the user's browser because the new malware is now sitting inside that browser and is acting on behalf of the user. So you can put a biometric on your PC, you can put smart card, it doesn't matter. As long as it is going through the browser, the crooks have figured out how to beat it.
most banks are relying on cookies on customers' PC's to know it's a good customer. That reliance needs to end ...
As smaller local and regional banks are currently lagging behind in terms of fraud detection capability, Litan warns that failure to act now will likely result in government introducing new legislation or regulation.

Note: emphasis is mine.

Src: Analyst: "Are These Banks Asleep at the Wheel?" |

No comments: