Newsletter:

Skip Navigation LinksHome > News > Security > Web banking risk down to human error

Site Map |

Web banking risk down to human error

By Robert Jaques
9 November 2007 07:52AM
Tags: web | banking | risk | human | error

The vast majority of internet banking users are not taking even basic steps to protect themselves online, according to a new study..

Mohammed AlZomai, of the Information Security Institute at the Queensland University of Technology, said that one-in-five online transactions is vulnerable despite added security methods such as SMS passwords.

AlZomai explained that the security threat had more to do with human error and the usability of advanced authentication systems than any technical security problem.

"In response to the growing threat to online banking security, most banks have implemented special methods for authenticating a transaction," he said.

"A typical method is sending a one-time password via SMS to the customer's mobile phone for each transaction. The customer must manually copy the password from their phone in order to confirm the online transaction."

But AlZomai maintained that customers were failing to notice when the bank account number in the SMS message was not the same as the intended account number, a clear sign that hackers had infiltrated the system.

As part of the study, the university developed a simulated online bank and asked participants to play the role of customers and undertake a number of financial transactions using an SMS authorisation code.

AlZomai then simulated two types of attack: an 'obvious attack' in which five or more digits in the account number were altered; and a 'stealthy attack' in which only one digit was changed.

"It is worrisome that obvious attacks were successful in 21 per cent of cases, and stealthy attacks in 61 per cent of cases," he said.

AlZomai claimed that the experiment showed that a "significant number" of users were unable to identify the attack.

"According to our study only 79 percent of users would be able to avoid realistic attacks, which represents an inadequate level of security for online banking," he concluded.

Copyright © 2008 vnunet.com

   


Ads by Google


 

Tags

content human risk security selfservice shows side site slack smes spanish speakers struggle suncorp takes tech teleworking ten throws web

Product Reviews

NetIQ Secure Configuration Manager 5.7
Star Rating
NetIQ's Secure Configuration Manager (SCM) is a combination of client server and web-based components to help...
Secure Auditor 2.0
Star Rating
Secure Bytes Secure Auditor is actually a suite comprised of several different pieces designed to audit...
Tenable Network Security
Star Rating
For this review, I decided to combine these products into a single group of their own. Please keep in mind...
netVigilance SecureScout EagleBox SP 2.0
Star Rating
The netVigilance SecureScout EagleBox SP 2.0 is a highly comprehensive vulnerability management product.
StillSecure VAM 5.5
Star Rating
The StillSecure VAM appliance is serious vulnerability management in a single device.


TopTopics
(5612) -  microsoft
(3251) -  telstra
(2879) -  network
(2802) -  google
(2697) -  ibm
(2374) -  iphone
(2367) -  internet
(2133) -  intel
(1881) -  optus
(1492) -  broadband
(1423) -  security
(1324) -  business
(1296) -  australia
(1079) -  digital
(1018) -  windows