Antisource.com  /  Security Forums  /  About  /  FAQs  /  Links  /  Polls  /  Advanced Search     
Register!   Login  
The All Inclusive Security Resource
Defending users and administrators against the
threat of viruses, trojans, spam, spyware, and hackers
Topics
General News
Antivirus Reviews
Network Defense
Spyware
Anti-Spam
Phishing Scams
Virus Alerts
Featured Product

Antivirus for your email server! Virus & content check mail with 5 virus scanning engines. Free 30 day trial available!


Download Free Trial
Security Forums
Desktop Security
Malware Removal Help
Spam Blocking
Patches and Hotfixes

Network Security
Firewalls and Routers
Intrusion Detection
Web Proxies

Antivirus Support
Symantec
McAfee
Trend Micro
Other Antivirus
Quick Resources
About Antisource
Malware Threats Triangle
Free Virus Scan
Virus Map
 

Online Banking to Become More Complex by End of 2006

Thursday, October 27, 2005
Author: kranky
Permalink: online-banking-2006 		Phishing Scams
Email Article to a Colleague Printer-Friendly Version Author's Profile


By the end of 2006, you won't be able to log on to your bank's site with just a username and password.

Banks are required to implement two-level (or two-factor) authentication, meaning that not only will you have to supply a username and password, but you also will have to use a second method as well.

Phishing has become so prevalent that banks must take additional precautions to avoid losses. Unsuspecting Internet users are being fooled into providing their login information by spam emails sent by scammers which appear to be from the financial institution itself.

There are three basic ways of identifying a legitimate user; something they know, something they have, and something they are. Two-factor authentication means that two different types must be used to allow logins.

The category of something they know covers things like passwords, and answering questions that only the account holder would likely know like place of birth and the ever-popular first pet's name, among others.

Something they have could include a device that must be attached to a PC, or a device which generates different single-use passwords.

Something they are could mean a fingerprint or retinal scan.

Requiring the use of two different methods is expected to greatly reduce the effectiveness of phishing. People may still fall into the trap of giving their login and password, but the phisher cannot make use of it if he/she lacks the secondary method the bank requires.

There are a number of different methods that will satisfy the new requirement:
- Card readers which generate a password when a card is swiped
- Tokens, which can plug into a USB port
- Password generators that create one-time use passwords
- Fingerprint or retinal scanner
- Scratch-off cards that have a series of one-time use passwords

The bank gets to choose the method that will be used.

This could be a significant annoyance to people with multiple bank accounts, since all banks they use may not use the same secondary method.

In a worst case scenario, you could need a number of different devices to access all of your bank accounts online.

The new rules are being established by the Federal Financial Institutions Examination Council. The full text of their report can be found at http://www.ffiec.gov/pdf/authentication_guidance.pdf
  

Comment about Online Banking to Become More Complex by End of 2006 | 0 comments |

The following comments are owned by whomever posted them. This site is not responsible for what they say.

 
 Copyright © 2010 Antisource
 All trademarks and copyrights on this page are owned by their respective owners.
Running GeekLog | Privacy Policy | Created this page in 0.18 seconds | Site Stats | RSS Feed xml