Web banking risk down to human error

By on
Web banking risk down to human error

The vast majority of internet banking users are not taking even basic steps to protect themselves online, according to a new study..

Mohammed AlZomai, of the Information Security Institute at the Queensland University of Technology, said that one-in-five online transactions is vulnerable despite added security methods such as SMS passwords.

AlZomai explained that the security threat had more to do with human error and the usability of advanced authentication systems than any technical security problem.

"In response to the growing threat to online banking security, most banks have implemented special methods for authenticating a transaction," he said.

"A typical method is sending a one-time password via SMS to the customer's mobile phone for each transaction. The customer must manually copy the password from their phone in order to confirm the online transaction."

But AlZomai maintained that customers were failing to notice when the bank account number in the SMS message was not the same as the intended account number, a clear sign that hackers had infiltrated the system.

As part of the study, the university developed a simulated online bank and asked participants to play the role of customers and undertake a number of financial transactions using an SMS authorisation code.

AlZomai then simulated two types of attack: an 'obvious attack' in which five or more digits in the account number were altered; and a 'stealthy attack' in which only one digit was changed.

"It is worrisome that obvious attacks were successful in 21 per cent of cases, and stealthy attacks in 61 per cent of cases," he said.

AlZomai claimed that the experiment showed that a "significant number" of users were unable to identify the attack.

"According to our study only 79 percent of users would be able to avoid realistic attacks, which represents an inadequate level of security for online banking," he concluded.

Copyright ©v3.co.uk
Tags:

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Poll

How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
50/50
ISPs should foot the whole bill
Government should chip in a bit
Other
Flash is heading towards its grave, and that's...
Great! Good riddance
Sad! Flash had some good qualities
Irrelevant. I don't care
What's Flash?
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

Username:
Password:
|  Forgot your password?