Crime bosses plot smarter fraud attacks on banks

Banks have been warned to prepare for a new wave of more sophisticated fraud attacks from organised criminals.

Fraudsters will start developing more sophisticated attacks as they move on from simple phishing frauds, according to John Meakin, group head of information security at Standard Chartered Bank.

Speaking at the Financial Services IT Summit in London he said: "We don't have a monopoly on the security expertise - the thing about organised crime is that they have the money and the leverage.

"They pick off the easy stuff first and that means soft targets and simple mechanisms - and you can't get more simple than phishing."

And while banks are too difficult a target at the moment he added: "Looking into the future there is no question that in five years time they will be looking to keep up that revenue stream which means more sophisticated targets and technologies."

Last week Lloyds TSB revealed it is trialling token-based authentication for its online banking customers. Although last year UK banks lost a relatively small £12m to internet banking-related fraud, the fear is that as credit card anti-fraud plans are put in place, fraudsters may turn towards online banking.

Meakin warned that one area of threat is continuing vulnerabilities in browser technologies which make 'man-in-the-middle' attacks possible. This is where an attacker can interfere with the communications between the browser and a website to their own ends.

But Richard Hackworth, head of group IT security at HSBC Holdings, said some of the flaws in current software are being fixed by vendors who are more aware of security issues now. "A lot of the problems we have today are the result of weaknesses in the technology we buy. I believe we are seeing a determined push to remedy those weaknesses," he said.

Standard Chartered's Meakin added that one way to guard against attacks is increased monitoring. "You need to be monitoring so that you prevent [less obvious] damage," he said. "If you monitor, even if it's a new threat that we've never seen before we can see the affect its having on the network."