All the latest UK technology news, reviews and analysis
|
|
|
18 Apr 2007
Moves by Barclays to provide chip-and-Pin card readers to half a million customers in the UK will not eliminate cyber-fraud, security experts warned today.
Barclays' online customers will be required to use a handheld device, dubbed PINsentry, to generate a one-time passcode that must be entered when conducting certain online banking transactions.
The device will only generate a passcode once the user's bank card has been swiped through PINsentry, and the Pin entered.
While the scheme should reduce the risk of phishing emails and spyware that aim to steal log-in details and passwords from internet users, security firm Sophos warned that it will not eradicate the risk of online fraud.
"Including two-factor authentication in the online banking process is definitely better security, as keyboard logging spyware and phishing emails will not be effective if user passcodes keep changing," said Graham Cluley, senior technology consultant for Sophos.
"However, these chip-and-Pin devices do not prevent all identity theft because spyware can still steal screenshots of what bank customers are doing online, and can capture account information to use for fraudulent purposes.
"More sophisticated hackers can even develop 'man-in-the-middle' attacks that sit in between users and their banks, automatically capturing information in real time and sending unauthorised instructions to the bank posing as the customer."
Sophos noted that this is not the first step that a bank has taken to prevent internet fraud. Lloyds TSB began trialling a token device in late 2005 which provided online banking customers with a one-time six-digit passcode.
"More and more banks are looking to introduce technology to better protect their customers and reassure them that online banking need not be filled with peril," said Cluley.
"Of course, all these solutions cost money for the banks, and ultimately that expense will be passed on to the customer one way or another."
Latest stories from Web
Related articles
Related jobs
Poll
Are you confident that the UK's IT infrastructure is secure from attack in the wake of the Flame malware revelations?
Orange and Intel talk us through the ins and outs of their San Diego smartphone
Connect with V3.co.uk
Social networking is almost ubiquitous. This white paper examines the benefits and risks and it looks at the different ways companies can reconcile them
The importance of understanding your infrastructure
My London client is looking for an experienced Programme...
My leading client is looking for a number of excellent...
My client, a leading international name in Manufacturing...
My client is looking for an Automated Engineer/Developer...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?