Thursday, March 30, 2006

Good measure, but not enough

According to InfoWorld:

German bank fights phishing with electronic signatures
Postbank to begin attaching electronic signature to all e-mail correspondence with customers

By John Blau, IDG News Service

March 30, 2006

German retail banking giant Postbank AG, the target of several phishing attacks, aims to curb the theft of online personal information with the help of electronic signatures.

The bank will begin attaching electronic signatures to all e-mail correspondence with customers, Postbank spokesman Jürgen Ebert said Thursday.

It's a very good measure, especially when the bank sends messages with links to account balances and other private information. However, they need to be aware that this will not be enough to avoid problems with theft of authentication data.

In Brazil we had a large number of phishing scams pretending to be from the banks a couple of years ago. But the fraudsters now realize that people are already aware that these are fake. They are using a different approach now: sending trojan horses that capture the same information while users are accessing the real bank website. It's easier to make people click on messages that appear to come from sources that seem innocent or unrelated to banking, like virtual card websites or government agencies (saying that you have problems with your tax report, for example).

Banks need to protect their communication with their clients, but that won't be enough to ensure that credentials are not stolen. They need to use additional measures to prevent that, like one-time password cards or tokens like SecurID.
