I've always believed that the more security measures we put in place to stop criminals the more crafty and convoluted their schemes become. This is a fine entry from Robert Siciliano.
For more than a decade criminals have been attacking online banking successfully by one upping security professionals their and clients by creating viruses to bypass existing security measures.
In response security companies offer new technologies to fight new threats and federal regulators have continually updated their compliance rules in response to existing vulnerabilities.
When criminals target an organization like a bank they start by looking for vulnerabilities in the network infrastructure. Beyond that they target the employees of a bank and their customers using the information provided on the corporate site, and via social media.
Once they gather enough information about their target they use that data to circumvent all the security technologies meant to prevent a user from downloading a virus or social engineering tricks like clicking an infected link and alert us to a phish email.
This is where banks need to step it up and incorporate complex device identification. iovation, an Oregon-based security firm, goes a step further offering Device Reputation, which builds on complex device identification with real-time risk assessments, the history of fraud on groups of devices, and their relationships with other devices and accounts which exposes fraudsters working together to steal from online businesses.
Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video.Disclosures.