Banks urged to look for stronger security

27.10.2005
Von 
Jaikumar Vijayan schreibt unter anderem für unsere US-Schwesterpublikation CSO Online.

Swedish bank Nordea AB, for example, was forced to shut down its online services for several hours earlier this month after phishers reportedly tried to trick bank clients into parting with one-time passwords Nordea AB had supplied as part of a strong authentication system.

More recently, the Bank of New Zealand was forced to suspend Internet banking services for several hours after phishers attempted to steal customer log-ins and passwords by directing them to a spoofed Web site that was an exact replica of the bank"s site, according to a statement from the bank.

Stronger authentication by itself is of little value in protecting users in such cases, according to Penn.

"It"s not just about the authentication," he said. "If all of a sudden I change my address and then request a replacement credit card, that should raise a lot of red flags -- and it has nothing to do with authentication."

Real-time transaction monitoring and account behavior modeling techniques have been used for years to combat fraud in the credit card industry, said Ted Crooks, vice president of global fraud solutions at Fair Isaac Corp. in Minneapolis.

Fair Isaac"s Falcon fraud management technology has been widely used by credit card issuers since the early 1990s to detect and prevent fraud. At a high level, the technology works by monitoring transactions and account activity in real time, looking for and flagging any behavior that deviates from the norm, Crooks said.