Web banking risk down to human error

Powered by SC Magazine
 

The vast majority of internet banking users are not taking even basic steps to protect themselves online, according to a new study..

Mohammed AlZomai, of the Information Security Institute at the Queensland University of Technology, said that one-in-five online transactions is vulnerable despite added security methods such as SMS passwords.

AlZomai explained that the security threat had more to do with human error and the usability of advanced authentication systems than any technical security problem.

"In response to the growing threat to online banking security, most banks have implemented special methods for authenticating a transaction," he said.

"A typical method is sending a one-time password via SMS to the customer's mobile phone for each transaction. The customer must manually copy the password from their phone in order to confirm the online transaction."

But AlZomai maintained that customers were failing to notice when the bank account number in the SMS message was not the same as the intended account number, a clear sign that hackers had infiltrated the system.

As part of the study, the university developed a simulated online bank and asked participants to play the role of customers and undertake a number of financial transactions using an SMS authorisation code.

AlZomai then simulated two types of attack: an 'obvious attack' in which five or more digits in the account number were altered; and a 'stealthy attack' in which only one digit was changed.

"It is worrisome that obvious attacks were successful in 21 per cent of cases, and stealthy attacks in 61 per cent of cases," he said.

AlZomai claimed that the experiment showed that a "significant number" of users were unable to identify the attack.

"According to our study only 79 percent of users would be able to avoid realistic attacks, which represents an inadequate level of security for online banking," he concluded.

Copyright ©v3.co.uk


Web banking risk down to human error
 
 
 
Top Stories
Matching databases to Linux distros
Reviewed: OS-repository DBMSs, MariaDB vs MySQL.
 
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  70%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  12%
 
Denial of service attacks
  6%
 
Insider threats
  10%
TOTAL VOTES: 710

Vote