Internet Fraud Can Only Be Stopped If Banks and Consumers Collaborate

Share Article

Consumers play a huge part in thwarting online fraud as most fraudulent activity can be attributed to compromised computers. Today, the exponential rise of phishing and other sophisticated threats such as invisible trojans, viruses and other lures are proving to be serious and very real threats to banks around the globe.

Consumers play a huge part in thwarting online fraud as most fraudulent activity can be attributed to compromised computers. Today, the exponential rise of phishing and other sophisticated threats such as invisible trojans, viruses and other lures are proving to be serious and very real threats to banks around the globe. While the convenience of online banking offers a massive 'cash-cow' and is also a significant cost-saver for the banks, the amount of online fraud losses are increasingly getting out of control.

Today, countries are looking to strengthen their 'Anti-money Laundering and Terrorist Financing Legislation', while banks in Australia are now trying to hold the customer liable for parts of their fraud losses - under a review of Australia's Electronic Funds Transfer (EFT) code of conduct.

The Australian Financial Review wrote on Jan 12: "However, the ASIC (Australian Securities and Investment Commission) discussion paper refers to financial services industry representatives who have lobbied to make customers fully liable for internet fraud if they do not install minimum security on their computer or if they respond to phishing attacks with 'extreme carelessness'".

It seems that banks haven't been doing themselves any favours by downplaying for years the security risks involved in online banking. This became apparent in a recent report in the UK Guardian Newspaper which reported that Metropolitan Police officer, Detective Superintendent Russell Day told a group of MPs who were investigating the fast-growing problem of identity theft, that banks were keeping quiet about attacks on their systems - either because of concerns over public confidence or because they lacked confidence in the ability of the police to deal with such crimes. In fact, one MP commented "the true cost of identity theft to the UK economy could be much greater than the official figure of £1.7bn a year."

Andreas Baumhof, Chief Technology Officer of TrustDefender notes "there is no question that banks have invested heavily into the security infrastructure that protects data once it is inside the banks control, however, they have failed to educate the user in order that they understand that they are still at risk and have a duty of care when it comes to the security status of their PC."

"This is where the real dilemma arises. Nobody - apart from security specialists - can know for sure whether or not his or her PC is safe. It is important that people ask themselves some very important security related questions such as, Do I have my Windows Update turned on? Is my Antivirus Scanner up-to-date? Have I checked the Fingerprint of the SSL Certificate? Is my DNS Server properly configured?" he added.

People may feel safe in the assumption that existing Security Vendors provide a solution to the problem. Unfortunately, the reality of the situation is quite brutal. Despite the fact that security solutions are cumbersome and still rely mainly on blacklists and heuristics, most have a complicated update mechanism and are therefore unable to detect the most sophisticated trojans. This means that they fail to deliver a true end-to-end solution, as the bank is not able to get a view on the state of the security of a consumer's PC.

Antivirus Software has been available for more than 10 years, yet viruses and trojans are still incredibly successful.

Further, despite all anti-phishing efforts, phishing attacks are still highly successful as was proven in the recent Myspace phishing attack where more than 60,000 user identities - email addresses and passwords - were stolen. (see http://blog.washingtonpost.com/securityfix/2007/01/myspace_phishers_hook_hundreds.html)

Mr Baumhof added, "there is only one solution to the problem - integrate the consumer's PC into the overall security chain with the bank and use a white-listing method for online transactions. TrustDefender is the only solution capable of doing this for consumers, banks, financial institutions and any other company relying on users interacting with them online."

The TrustDefender approach solves all the important security problems:

  •     Firstly - the bank can perform a security health check of the consumer's PC and educate the user within the online banking user-interface. This would enable the bank to reliably inform the user that it has checked the firewall, Windows Update, DNS System and the Antivirus product and that everything is correct and up-to-date. Further, the bank can integrate this information into the risk engine of its core banking application and, for example, defer transactions if any unknown and potential malicious software is found on the consumer's computer.
  •     Secondly, the computer needs to be scanned with a white-listing method. Today, to circumvent existing antivirus technologies, trojans are released in huge variations (sometimes as many as 10,000 variants). The only way of knowing that a computer is safe and secure is to make sure that no unknown software is present.

The TrustDefender Enterprise Server (TES), together with the TrustDefender Client is capable of delivering exactly the solution outlined above. The On-Demand Endpoint Security Suite is designed to enable banks and online businesses to solve the 'root cause' of the problem with minimal TCO and immediate ROI.

With TrustDefender, there is no reason for banks or consumers to fear online fraud any longer. When TrustDefender's consumer and enterprise solutions are installed on a computer every online fraud and identity theft problem has a solution. The solution is TrustDefender.

Try TrustDefender today

Consumers who want to try TrustDefender should visit http://www.trustdefender.com and download the free 21 day trial of the consumer solution from the online shop.

Banks, financial institutions and online businesses can email to get a free trial of the Enterprise version.

For media information, contact:

Kerryn Nelson

Managing Director

Big Mouth Marketing Communications P/L

Ph: 03 9558 3122 / 0417 035 536

About TrustDefender:

TrustDefender is the leading provider of 'On Demand Endpoint Security Solutions' to safeguard online business transactions. With its GAP protection, TrustDefender is able to guarantee the authenticity of a website. The secure lockdown, safe & secure mode, two factor authentication and the TrustedSurfing database complete the holistic security solution.

The secure policy engine allows online businesses to educate and enforce the compliance of a home user's PC to their security policies. TrustDefender is the world's first security solution which enables online businesses to integrate the home user's PC into the overall security solution.

TrustDefender was founded in 2005 and is based in Sydney, Australia.

###

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Ted Egan
Visit website