Banking Industry looks to technology for greater on-line security

Financial Institutions look to technology for greater on-line Security

Source: Digital Security News. 9-11-05

Recent cyber-attacks have proven two points: that Image Attacks cause Financial Institutions to fail security compliance; and SSL will not protect on-line banking from Image Attacks.

Hackers and cyber-criminals have begun using internet browser images, such as the back arrow and the favorite’s button on the browser tool bar to deliver malicious code that can steal a customer’s confidential on-line banking information. Many security software experts are diligently creating software patches which attempt to fix these security vulnerabilities, however, almost as fast as a patch is created a new set of image attacks are initiated which circumvent the patch.

One of the most disturbing results of this new wave of image based attacks is that SSL (Secure Socket Layer), the standard for on-line banking activities, is vulnerable to image attacks. Using the image attack a cyber-criminal enters the SSL (Secure Socket Layer) and extract bank account numbers; credit card numbers; passwords; and many other critical and confidential data items. These items can then be used to steal one’s identity, issue fraudulent checks, make unauthorized purchases, withdraw cash from accounts and perform other criminal acts.

Based upon the escalation in image attacks, the transition from SSL to a higher level of security for on-line banking is needed. This higher security technology should provide for rapid and simple installation, world-wide on-line banking access, smooth integration with existing computer operations, customer acceptance, affordability and phase-in implementation features.

By Glenn Gearhart, CEO, ACAP Security Inc., a provider of higher level security solution to the financial industry. glenn@acapsecurity.com.

White Paper: 091105 ACAP Security Inc.