By Dan Ilett, 6 April 2005 09:30
NEWS Leading high-street bank HSBC has admitted it is deluged by virus attacks and often detects tens of thousands of viruses a day.
The National Hi-Tech Crime Unit (NHTCU) claims companies receive an average of seven viruses a day but, speaking at the e-Crime Congress in London, HSBC's group COO Alan Jebson said that the bank was often receiving tens of thousands times that figure.
Jebson said: "I was interested to hear it was seven attacks a day. On our worst day last year we had 100,000 attacks."
HSBC holds over a trillion dollars in assets, which makes it a tempting target for virus writers and hackers. But email identity theft scams are posing a greater threat to the bank's 18.9m online customers, Jebson said.
"We are naturally very concerned about anything that would damage online banking. Customers will only do business online if they are convinced it is secure. Customers are no longer sure whether emails from financial institutions are genuine," he said.
Jebson said online fraud is damaging consumer confidence, with research showing that take-up of ecommerce is slowing.
Banks and customers need to co-operate in their efforts to thwart scammers, according to Jebson, and he said HSBC is co-operating with the likes of Citibank to share information on security, and the bank is even considering the use of biometrics in three-factor authentication - where a user would need to supply three different pieces of information proving their identity.
"The harder we make it for criminals to access accounts, the harder we make it for the public. But this is a game we cannot afford to lose," said Jebson.
Dan Ilett writes for ZDNet UK
Comments
There are 8 comments. Join the discussion
1. anonymous
Too cheap; the banks want to provide online banking but at almost no cost to themselves.
It is just too good to be true.
They have to accept that security costs and provide decent levels of end user security. Physical means of identifying users maybe an option such as secure-ID-cards or even dedicated networks.
End users must insist on higher levels of banking security if they want to keep their money safe.
2. anonymous
Barclays business uses smart card authentication as well as usernames, passwords etc to make online banking even more secure. There's no reason why HSBC cannot do this either
3. anonymous
Nat West phone me up and request the usual; mother maiden name, DOB etc. They seem both surprised and completely uninterested at my concerns over their cretinous marketing policies that teach customers to give their details to any nice voice that calls! Security begins with basic policies!
4. anonymous
I refused to divulge my security information to a bank employee who phoned me, until he told me some of it, to "prove" that he already had access to it.....I still don't know how secure that approach was??
5. anonymous
HSBC could help themselves here by not constantly changing the appearance of their internet banking site. As a personal customer I use their online banking, but they constantly update the layout and functionality of the site. The way I check it is the legitimate site is to have a look at the SSL certificate to ensure it is one issued to HSBC.
I would feel happier as a customer if they notified me of changes before they took place. That way I would not be surprised when the online banking suddenly has a new look to it. Hopefully the most recent changes will be the last for a while.
6. Richard
Why is the NHTCU so wrong?
The National Hi-Tech Crime Unit (NHTCU) seems to be chasing the wrong problem.
Why does it ignore the real problems which individuals and businesses meet everyday?
Why is there so little "enforcement" against the criminals (and ISPs) who originate viruses, "scams," "phishing" and "pharming."
Why no pressure on industry to adopt safer procedures?
Why no clear, useful "crime protection" advice?
Without improvements and better support, Government plans to lease cheap PCs and Broadband connections could make "trojans" and "bot-nets" a huge problem.
7. anonymous
My bank gets most stroppy with me when they ring ME up and say "Can we have characters x and y, to verify who you are". My response is always the same "You have phoned me on the contact details I have supplied to you, so NO, I will not give you those details as I do not know whom I am speaking to".
If, on the other hand, I telephone my banking service, I am more than happy to give the details to verify my identity.
It all seems one sided to me. If they ring you up, they expect you to give them YOUR personal details, and if you ring them up, they expect you to give them your personal details. The second is OK, but the first is Way off target.
8. a
First rule of security it to be paranoid, you need virus checkers, spyware removers, keylogger removers and anything else you can get your hands on. Even with all these measures taken into account, it is still risky when using any online computer system.
Nothing is a 100% secure!