Hackers beat bank anti-fraud attempts
It's fair to say that the bad guys are just as motivated as the good guys when it comes to cybercrime. In the battle to keep customer banks accounts safe, the good guys have been moving quickly, though not as quickly as some would like, forcing the enemy to raise their game as well.
Case study: the effort by banks to move toward multi-factor authentication. In the old days, a plain user name and password were all that was required for a customer to access his or her bank account. But that set-up became easy pickings for the hackers. Banks responded by moving toward 2-factor authentication. This often involved a bank sending a one-time secure code to a customer's mobile phone. The password would then be inputted as an additional layer of safety.
Sounds great. Unfortunately, the bad guys have cracked the system, or at least they are starting to.
The Exchange reports that hackers have found ways to compromise mobile phones, essentially intercepting the code as it is sent to a legitimate customer. This is part of a great malware wave now unfolding, according to McAfee.
Hopefully, the good guys will continue to innovate, keeping their foes on the defensive. Perhaps the time has come for some sort of biometric system.
- here's the article