More sophisticated cyber-skimming attacks on the way
By Steve Ranger
Published: 18 October 2005 13:10 GMT
Banks have been warned to prepare for a new wave of more sophisticated fraud attacks from organised criminals.
Fraudsters will start developing more sophisticated attacks as they move on from simple phishing frauds, according to John Meakin, group head of information security at Standard Chartered Bank.
Speaking at the Financial Services IT Summit in London he said: "We don't have a monopoly on the security expertise - the thing about organised crime is that they have the money and the leverage.
"They pick off the easy stuff first and that means soft targets and simple mechanisms - and you can't get more simple than phishing."
And while banks are too difficult a target at the moment he added: "Looking into the future there is no question that in five years time they will be looking to keep up that revenue stream which means more sophisticated targets and technologies."
Last week Lloyds TSB revealed it is trialling token-based authentication for its online banking customers. Although last year UK banks lost a relatively small £12m to internet banking-related fraud, the fear is that as credit card anti-fraud plans are put in place, fraudsters may turn towards online banking.
Meakin warned that one area of threat is continuing vulnerabilities in browser technologies which make 'man-in-the-middle' attacks possible. This is where an attacker can interfere with the communications between the browser and a website to their own ends.
But Richard Hackworth, head of group IT security at HSBC Holdings, said some of the flaws in current software are being fixed by vendors who are more aware of security issues now. "A lot of the problems we have today are the result of weaknesses in the technology we buy. I believe we are seeing a determined push to remedy those weaknesses," he said.
Standard Chartered's Meakin added that one way to guard against attacks is increased monitoring. "You need to be monitoring so that you prevent [less obvious] damage," he said. "If you monitor, even if it's a new threat that we've never seen before we can see the affect its having on the network."
Did anyone else think what a splendid name "Richar...
Doug Trumpshaw
Then do what most people in IT do...don't touch in...
raz
this is simple two-factor authentification with n...
Anonymous
Thus this team will also give you the exposure to Credit Systems, Portfolio Analytics, Fraud Management, Quality Analysis and Marketing teams, ...
The role will involve the development of the GASS Fraud Feed database and you will also provide support for regulatory reporting projects. Contract - ...
Website Tester - Staffordshire, West Midlands - Payment Testing, Cross-Browser Testing, Testing Tools, My Staffordshire based client requires a ...
Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.
Stories from the web...
Copyright © 2008 CBS Interactive Limited. All rights reserved. Top of page
Digg
Slashdot
Del.icio.us
Stumble
Reddit
RSS Feeds
Nick Beecham and Belinda Doshi
No more tax breaks for offshoring?
Financial services firms must prepare now for 2010 legal changes
Tim Ferguson
On a new Voyager, tackling fraud and the intellectual challenge
Interview: Nationwide IT director, Peter Stafford
Nick Heath
David Lister on smart grids and why he left RBS
Interview: National Grid CIO
Andy Jones
Why banks will push ahead with offshoring
Comment: Even if they don't want to
Catherine Stagg-Macey
Legacy IT holding back insurers
Comment: Economic crisis means finance giants must step lively
Julian Goldsmith
The City fund manager with no IT department
Q&A: How asset management is embracing the cloud...