No Anti Virus Software, No E-banking For You

Malware and Phishing are the true enemies of E-commerce, its future penetration, and E-banking altogether. Still, there are often banks envisioning the very basic risks, and hedging them one way or another, as "Barclays gives anti-virus software to customers"

"Barclays Bank is issuing UK internet banking customers with anti-virus software, as part of attempts to reduce online identity theft. The bank has signed a deal with Finnish anti-virus firm F-Secure, which will provide software to the bank’s 1.6m UK internet banking customers. While other banks offer discounted anti-virus software deals to customers, Barclays is the first in the UK to give it away for free. ’Nearly two-thirds of home PCs don’t have active virus protection, and one in five is actually infected by a virus, placing people at risk from data theft, as well as damage to their computers,’ said Barnaby Davis, director of electronic banking at Barclays."

I find the idea a very good mostly because compared to other banks that try to reestablish the email communication with their customers, but starting from the basics, you can't do E-banking without generally acceptable security measure in place. And while an AV solution doesn't necessarily mean the customer wouldn't get attacked by other means, or that it would be actually active in the moment of the attack, this is a very smart to do. To take advantage of even more benefits, Barclays must actively communicate their contribution and unique differentiating point to their customers, in comparison with the other banks -- it's getting harder for companies to retain customers due to improved access to information, thus more informed decisions.

You can't just deal with the technological part of the problem, but avoid the human side in it, as education and awareness will result in less gullible, but more satisfied and longer retained customers. Phishing is today's efficient social engineering, and a bank's site shouldn't be assumed "secure" as on many occasions site-specific vulnerabilities improve the truthfulness of the scam itself. Forwarding the responsibility for secured access to the E-banking feature to final customers should be simultaneous with the bank auditing its web services. In the upcoming years, with the rise of mobile banking, I think we will inevitably start seeing more mobile phishing attempts.

Ebay's PayPal is still a major player in online payments, on its way to dominate mobile payments too. The trend and potential of cross-platform malware is what both AV vendors and payment providers should keep in mind.

Security threats to consider when doing E-Banking

E-banking, and mobile commerce are inevitable part of our daily lifes, and would continue to get more popular. 

The bad thing is, that it's not just us, the end users benefiting from this fact, but also, the malicious attackers exploiting our naivety and lack of awareness on the threats to watch for. Candid Wuuest did an outstanding research on the insecurities of E-banking, and excellect job in comparing the different security measures next to one another. The slides will also provide you with a lot of useful info on the topic.

Further info on the topic an also be found at :

Why eBanking is Bad for your Bank Balance
Risk management principles for electronic banking

Technorati tags :
e-banking, electronic banking, E-commerce, security, information security