The future of Internet banking is under a cloud as consumers face picking up the $25 million annual bill for inadvertently falling victim to online scams
- 23 January, 2007 09:59
<p>Yesterday it was announced in the news that the Australian Securities and Investments Commission are reviewing a proposal submitted by banks, where unless users have an unspecified “minimum or adequate” security on their computers, the banks will not be liable for any losses to consumers due to online scams. RSA, The Security Division of EMC, has been working closely with the Australian finance and banking industry and as an example, Adelaide Bank has put in place “behind-the-scenes” solutions such as Transaction Monitoring.</p>
<p>“Banks can decide how visible or transparent their authentication measures are,” said Geoff Noble, Finance and Banking Specialist for RSA, The Security Division for EMC. “However, the concept of offering online banking communities different levels of authentication is important as all parties have various degrees of security requirements. It is recommended that all accounts be monitored for anomalous behavior with the provision of a step-up authentication process. One size does not and cannot fit all,” continues Geoff.</p>
<p>For instance, business customers who transact large amounts of assets may request strong time synchronous two-factor authentication such as a ‘token’. For the broader population of users, step-up authenticators such as out of wallet questions, an out of band phone call or a one time password via SMS, IVR or email may only be required if a transaction is deemed as high risk. This may be changing of personal details, setting up new payees or the transfer of funds over an agreed amount. One of the keys to success as well as developing loyal relationships is to involve your customer and allow them to select their preferred method of authentication.</p>
<p>There is also an opportunity to address cyber criminals by tapping into the e-Fraud Network. The RSA® eFraudNetwork community is a cross-bank, collaborative online fraud network. It includes dozens of leading global financial institutions and some of the world’s leading ISPs, providing a holistic view of today’s fraud environment. The eFraudNetwork community shares fraudster information across multiple banks in real time; when a fraudster attack is identified against one of its members, all others are instantaneously protected as well. Today, many of the world’s top 50 banks, including Bank of America, Credit Suisse, HBOS, ING Direct, Barclay’s and Washington Mutual benefit from being part of this global eFraudNetwork community.</p>
<p>This is scaleable across the banks platform without having to pass on high costs to customers. Geoff also says, contrary to a statement by the review (see below) that he has seen that institutions have been willing to invest in online security</p>
“Institutions have been <b>unwilling to invest in online security</b> because of "the low losses to date . . . and the associated difficulties of making a business case for higher levels of investment in counter-measure technology," the review states.
<p>Should you require any further information or would like to set up an interview to discuss further with Geoff, please call Sarah on 02 9212 3848 or <a href="mailto:email@example.com">firstname.lastname@example.org</a>.</p>
RSA, The Security Division of EMC, is the expert in information-centric security, enabling the protection of information throughout its lifecycle. RSA enables customers to cost-effectively secure critical information assets and online identities wherever they live and at every step of the way, and manage security information and events to ease the burden of compliance.</p>
<p>RSA offers industry-leading solutions in identity assurance & access control, encryption & key management, compliance & security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit <a href="www.RSA.com">www.RSA.com</a> and <a href="www.EMC.com">www.EMC.com</a>.</p>
- Cyber attacks as likely as natural disasters, as devastating as ecosystem collapse: WEF
- The week in security: 773 million reasons to improve your security
- Security refresh teaches James Cook University the value of better visibility
- What is spear phishing? Why targeted email attacks are so difficult to stop
- Tis’ STILL the season to be phished!