Hackers Are Defeating Tough Authentication, Gartner Warns
January 18, Computerworld – (International)
Security measures such as the use of one-time passwords and phone-based user authentication — considered among the most robust forms of IT defenses — are no longer enough to protect online banking systems against fraud, a Gartner Inc. report warns. Cybercriminals are using increasingly sophisticated tactics to outmaneuver security systems so they can steal customers’ log-in credentials and pillage their bank accounts, according to a Gartner analyst who wrote the report.
Trojan horse programs lurking inside a customer’s Web browser can steal one-time passwords and immediately transfer funds, or intercept a transaction between a bank and a customer and make changes unbeknownst to the user or the bank, the analyst said. In cases where a bank uses a phone-based, “out of band” authentication system, criminals use call forwarding so that the fraudster, not the legitimate customer, gets the call from the financial institution, the analyst said. Banks need to quickly implement additional layers of security, she advised.