A recent study by a UC Berkeley Law School researcher reveals that the top three banks vulnerable for identity theft are HSBC, Bank of America and Washington Mutual. Even though online banking has showed continue growth, security is still a major concern. Read this article that investigates the various security issues facing the online banking community.
Customers of HSBC, Bank of America and Washington Mutual may want to think twice about banking online. Quickly. The three banks are identified in a study by a UC Berkeley’s Boalt School of Law researcher as the most victimized by identity theft.
CNet, which links to the study, says that researcher Chris Hoofnagle used numbers received under a Freedom of Information Act request. He ran the numbers from three randomly chosen months in 2006. The results were that HSBC had 21 incidents per billion of dollars on deposit, BoA had 17 and WaMu 16. ING was the most secure, with a lone incident per billion on deposit, the study said.
The story says that the findings dovetail with a 2007 report from Cambridge University that said BoA and WaMu phishing sites usually stayed afloat for more than 100 hours, while Chase and PayPal general got such sites taken down in less than two days.
Reasons to worry about HSBC are validated by this NY Magazine post and the consumerist.com post to which it links. The first post, which is in a gossip column, mentions that four cases recently have come to light about the loss of thousands of dollars in online banking scenarios. The consumerist post says the bank's fraud department is overwhelmed. While the posts seem to have some level of sensationalism, they nonetheless raise legitimate and unsettling questions.
Such information makes the ambivalence most folks feel about online banking seem reasonable. There is a wealth of valuable and interesting information in this posting at Security Park by Fortify. The first section highlights the three dangers of online banking. Like everything else on the Internet, the fact that global poses as much a risk as an advantage. A thief in England can take a crack at bankers in the U.S. Attacks are more varied than physical attacks and online security is difficult for end users to understand.
This all doesn't mean that online banking isn’t safe if done correctly — both by the institution and the customer. The writer points out that online banking is growing. Both the perception and the reality is that safety is improving and, for this reason, crackers are beginning to target smaller and less sophisticated institutions. Indeed, it’s possible to argue that online banking is safer than physical banking. The lion’s share of financial fraud is done in the real world and, even if online theft is attempted, alerts are sounded quicker and loss is less than off-line theft.
This University of Washington post provides significant insight into the pros and cons of online banking. It begins by establishing two overall goals: That the application should always be available and that "adversaries" — the bad guys — should not be able to access them. Weaknesses of online banking include the possibility that hackers will seek to disrupt servers and use phishing attacks, keyloggers and man-in-the-middle attacks.
The story offers possible defenses against these attacks and assesses the overall risks. Phishing and keylogging are high risk, the writer says, and man-in-the-middle attacks are of moderate danger. The writer says that he hopes that no banks still are sending passwords in the clear.
Online banking apparently is convincing enough people that it is, indeed, safe, according to a Gartner study conducted in the U.S. and the U.K. during June, July and August of last year. The firm, according to eMarketer, found that 71 million people in the U.S. and 14 million in the U.K. use such services regularly. It's mainstream, Gartner says.
The trends show that it is more popular among younger and higher-income folks, and online customers don’t abandon traditional channels such as ATMs and the telephone. The use of online in addition to - not instead of - other forms of banking could impact the marketing of these services.
United, Internet Users Stand; Divided, We End up at Phony Sites
Last week, news hit of a vulnerability in the Domain Name System that, if exploited by hackers, could lead surfers to phony Web sites. The flaw was found by Dan Kaminsky, the director of penetration testing for IOActive. Kaminsky tells IT Business Edge’s Carl Weinschenk that the potential severity of the problem led vendors and researchers to work together to create the patches that now are available.
Defining Virtualization's Role in Regulatory Compliance
Greg Shields, an independent IT author, speaker, consultant, and columnist for Virtualization Review Magazine discusses how compliance and virtualization are related. He shares insight on how virtualization managment tools can play a part in compliance and how that works.
Virtualization Thrives, Security Struggles to Keep Up
VMware has acknowledged a "critical" vulnerability in shared-folder configurations on Windows-hosted VMware software. The bugs lets users of a guest system access host system folders. VMware has not yet released a patch. Virtualization is definitely the server technology of choice, yet security is still a priority.
