Singapore - August 03, 2005 - Leading independent research and advisory firm, Financial Insights, an IDC company, today announced the release of a new report on Internet banking security and dual factor authentication. The report discusses the growth of phishing and related online scams across the region and the various actions regulators and financial institutions are taking in response.
Increased reliance on the Web for the delivery of an increasing range of financial services has brought with it concerns about the security and integrity of transactions. While financial institutions have increased their own security measures to deal with the threat of attacks, criminals have shifted the focus of their efforts to customers. The rapid growth in phishing and related attacks is representative of this shift in focus and highlights the need for better security measures.
While these attacks are not limited to the financial industry, the reality is that few industries can offer as much potential reward for criminals.
The Anti-Phishing Working Group tracked attacks over a four-month period in 2005 and showed that the financial sector consistently accounts for at least 80% of all known attacks. This is a frightening statistic and highlights the importance of efforts by institutions and regulators to improve online security. Customers have themselves begun getting more vocal in their calls for action and this has led regulators to take a more proactive stance on online security.
Asia's regulators have become particularly active, with the Hong Kong Monetary Authority (HKMA) recently mandating that all banks implement dual factor authentication. The Australian Bankers Association (ABA) is preparing to introduce an industry standard for dual factor authentication, and other regional regulators are also considering similar measures for their own markets.
The focus of these regulatory actions, and the solution most often cited by industry participants, is dual or two factor authentication. It refers to the creation of an additional layer of security that goes beyond the traditional login and password. Rather than securing a site only through something the customer knows, like a password, the customer is also required to possess another type of identification. This can come in the form of a hardware or software token, for example.
While a second layer of protection is preferable to single factor systems, there are concerns that criminals will be able to quickly adapt to these new technologies. Advanced trojans and man-in-the-middle attacks are often cited as two ways to circumvent these new protections, raising questions about their value. The response to these concerns has not been to abandon the technologies, but to accept the reality that security is an ongoing effort, with technology just one of its components. Industry cooperation and increased efforts to educate and inform customers about the risks of online scams must also play a part in helping secure online financial transactions.
"The ability of criminals to rapidly circumvent new defensive measures should be of great concern to advocates of dual factor authentication," says Douglas A. Jaffe, associate director with Financial Insights Asia/Pacific. "However, an additional layer of protection, in conjunction with improved customer education and financial industry cooperation can be effective in helping improve security."
"The growing influence of the Web means there really is no choice but to improve online security," Jaffe adds, "How best to do this, however, is still open to debate."