Malware and Phishing are the true enemies of E-commerce, its future penetration, and E-banking altogether. Still, there are often banks envisioning the very basic risks, and hedging them one way or another, as "Barclays gives anti-virus software to customers"
"Barclays Bank is issuing UK internet banking customers with anti-virus software, as part of attempts to reduce online identity theft. The bank has signed a deal with Finnish anti-virus firm F-Secure, which will provide software to the bank’s 1.6m UK internet banking customers. While other banks offer discounted anti-virus software deals to customers, Barclays is the first in the UK to give it away for free. ’Nearly two-thirds of home PCs don’t have active virus protection, and one in five is actually infected by a virus, placing people at risk from data theft, as well as damage to their computers,’ said Barnaby Davis, director of electronic banking at Barclays."
I find the idea a very good mostly because compared to other banks that try to reestablish the email communication with their customers, but starting from the basics, you can't do E-banking without generally acceptable security measure in place. And while an AV solution doesn't necessarily mean the customer wouldn't get attacked by other means, or that it would be actually active in the moment of the attack, this is a very smart to do. To take advantage of even more benefits, Barclays must actively communicate their contribution and unique differentiating point to their customers, in comparison with the other banks -- it's getting harder for companies to retain customers due to improved access to information, thus more informed decisions.
You can't just deal with the technological part of the problem, but avoid the human side in it, as education and awareness will result in less gullible, but more satisfied and longer retained customers. Phishing is today's efficient social engineering, and a bank's site shouldn't be assumed "secure" as on many occasions site-specific vulnerabilities improve the truthfulness of the scam itself. Forwarding the responsibility for secured access to the E-banking feature to final customers should be simultaneous with the bank auditing its web services. In the upcoming years, with the rise of mobile banking, I think we will inevitably start seeing more mobile phishing attempts.
Ebay's PayPal is still a major player in online payments, on its way to dominate mobile payments too. The trend and potential of cross-platform malware is what both AV vendors and payment providers should keep in mind.
Tuesday, May 30, 2006
No Anti Virus Software, No E-banking For You
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com