The banking industry has been a target for crime since the beginning of it's time. Bank robberies were being planned and executed since banks were first in operation. In more recent years, criminals have found new ways to access other peoples funds through obtaining account information through the post and looking through individual's rubbish for scraps that have been discarded which could contain vital information that could be used as a means of identification and authentication.
Since the advent of internet banking, the focus has shifted to an overall holistic approach to banking security where electronic security is at the forefront of public concern. But with this in mind, are the banks and other financial institutions planning to combat the ever emerging threats that "cyber criminals" pose? And if so, is the level of protection adequate to provide peace of mind for their customers?
Usernames and passwords have been the primary authentication methods in the computing world since it's origins. Although this was once thought to be an adequate means of securing sensitive data - this is no longer the case. When the internet was first made available to the public, the term "hacker" was associated with a rare, criminal-minded genius that possessed extraordinary computing ability and could penetrate the security infrastructure of any organisation's or individual's computer system. However these days, the term has been "watered down" somewhat due to the mere frequency of hacking occurrences, and ease of accessibility to tools which aid individuals wanting to hack into other computing systems. Nowadays a fairly novice user can perform a search engine enquiry on "password cracker" for example, and download a tool, free of charge, and be on their way to gaining unlawful access to other peoples sensitive and personal data. It is because of this that financial institutions should continually look to better their security and authentication infrastructure and services or they run the risk of losing online customers, and worse yet, losing customers to competitors who have decided to take a proactive approach to internet crime defence.
Internet banking crime can take part in several different forms. One technique that seems to be prevalent today is Phishing. Phishing, as described by techtarget (http://whatis.techtarget.com/), "is e-mail fraud where the perpetrator sends out legitimate-looking e-mails that appear to come from well known and trustworthy Web sites in an attempt to gather personal and financial information from the recipient." Individuals can fall victim to this crime if not properly equipped, and educated in the prevention of internet fraud.
"Banking Fraud is as old as the industry itself, and it continues to be one of the largest expenses faced by many financial institutions, according to Virginia Garcia, research director for Needham, Mass.-based TowerGroup. Garcia estimates that 30 percent to 50 percent of the industry's $55 billion in annual operating losses is attributable to fraud." Bill Harris, chairman of PassMark security in Redwood City, California stated that "In 2005, the industry has reached a consensus that the root problem is authentication," Harris continues. "Passwords are no longer sufficient to let someone in the front door. Traditional authentication methods aren't enough," he asserts. As a result, banks are using a greater array of information and multifactor analysis to lock down systems when fraud schemes are detected" .
So what is authentication? Authentication, as defined by techtarget is "the process of determining whether someone or something is, in fact, who or what it is declared to be". Authentication is generally measured in terms of factors. For example, one factor, two factor, and three factor authentication. One factor authentication is gaining access by...