Web banking risk down to human error

Powered by SC Magazine
 

The vast majority of internet banking users are not taking even basic steps to protect themselves online, according to a new study..

Mohammed AlZomai, of the Information Security Institute at the Queensland University of Technology, said that one-in-five online transactions is vulnerable despite added security methods such as SMS passwords.

AlZomai explained that the security threat had more to do with human error and the usability of advanced authentication systems than any technical security problem.

"In response to the growing threat to online banking security, most banks have implemented special methods for authenticating a transaction," he said.

"A typical method is sending a one-time password via SMS to the customer's mobile phone for each transaction. The customer must manually copy the password from their phone in order to confirm the online transaction."

But AlZomai maintained that customers were failing to notice when the bank account number in the SMS message was not the same as the intended account number, a clear sign that hackers had infiltrated the system.

As part of the study, the university developed a simulated online bank and asked participants to play the role of customers and undertake a number of financial transactions using an SMS authorisation code.

AlZomai then simulated two types of attack: an 'obvious attack' in which five or more digits in the account number were altered; and a 'stealthy attack' in which only one digit was changed.

"It is worrisome that obvious attacks were successful in 21 per cent of cases, and stealthy attacks in 61 per cent of cases," he said.

AlZomai claimed that the experiment showed that a "significant number" of users were unable to identify the attack.

"According to our study only 79 percent of users would be able to avoid realistic attacks, which represents an inadequate level of security for online banking," he concluded.

Copyright ©v3.co.uk


Web banking risk down to human error
 
 
 
Top Stories
Beyond ACORN: Cracking the infosec skills nut
[Blog post] Could the Government's cybercrime focus be a catalyst for change?
 
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1780

Vote
Do you support the abolition of the Office of the Information Commissioner?