Banks and police set security standards

Security experts attending a high-level meeting of banks, telecoms companies and the police have revealed to vnunet.com that they believe it possible to develop a solution to phishing and online fraud.

The closed meeting in London examined the problems of phishing and other online crime. It looked at customers' reactions and sought to find remedies that could be applied easily and on a large scale.

There was agreement that existing technologies could provide a workable means of fighting phishing and online fraud, but that deciding which would be the best to use would take more time.

"The intelligence and elegance of security architecture is such that a solution can be developed," said John Madelin, business development director at RSA Security, which hosted the meeting of industry and the UK's National High Tech Crime Unit.

"There was acknowledgement that some stronger form of authentication is a must in the short term. But a piecemeal approach would be costly and difficult for the user to configure."

Consumer education is a key part of any system, according to attendees. The meeting heard that UK consumers do not feel sufficiently at risk to justify paying for extra protection.

By contrast, Australian banking customers, who are subjected to many more phishing attacks per user than their counterparts in the UK, are better educated about the problem and willing to pay to solve it.

Bendingo Bank in Victoria recently started selling security tokens that prove customers' identity for $16.50 (£6.75), and the scheme was successful enough for the bank to make the tokens compulsory for online bankers from July.

As part of the education process, police attending the meeting in London are to change how they report online crime.

Just as an effort was made to cut the attractiveness of stealing cars by calling it 'car theft' as opposed to joyriding, hacking will now be referred to as 'electronic burglary'.

Indemnification of the banks by government was also discussed, but some were concerned about the lasting damage to brands from online attacks.

As one delegate said: "It would be like being paid the value in horse meat after your race winner has been nobbled."