Saturday, September 1, 2007

Credit-card fraud, cybercrime rockets

While cybercrimes and credit card frauds are growing, so is the concern among the customers who want their banks to use advanced methods to protect their hard earned money. In India, however, the concern is comparatively lower.
According to the annual Financial Institution Consumer Online Fraud Survey, conducted by RSA, The Security Division of EMC, trust in online channels has eroded, as 82 per cent of account-holders are less likely to respond to an e-mail from their bank due to scams including ‘phishing’. More than half of the customers said that they would be less likely to sign-up for or use online banking facilities.
The survey also revealed that 82 per cent of the customers now want their banks to monitor online and telephone banking sessions to spot irregular activities. About 91 per cent of those surveyed were willing to use any advanced authentication method, apart from the standard ‘username and password’, to ensure an enhanced security. “If I am sure that my money will be safer, I won’t mind making some extra effort,” said an internet banking subscriber. The online survey, conducted in eight countries including India, asked the Internet banking and online transaction practitioners for their opinions on online fraud. It also revealed that while 69 per cent respondents in UK, 65 per cent in Australia claimed to be familiar with the term ‘phishing’ and other hacking methods, the figure was as high as 83 per cent in the US. In India the figure was much lower than 50 per cent. “India is still low on the list of hackers and online swindlers as the volume of money involved is also low. India, however should acquire the technology in advance as online banking will increase,” said Mr Sri Kiran Raghavan, of RSA.
Elaborating further he added that the hackers are becoming smarter with stricter security systems in place. “Now with attacks like phising and ‘pharming’ being tackled well, a new method known as ‘vishing’, a seemingly more dangerous version of ‘phising’, has come to the fore.” Mr Raghavan said.
Till date just four ‘vishing’ scams have been identified, but the practice is expected to “explode”.
The most prominent attack was involving an online money transfer service. The victims were directed to dial a number by an e-mail claiming his account have been breached. The consumer was then tricked into revealing every detail and millions were swindled from his account.
“In ‘vishing’, identity thieves ask people to call a phone number attached to a VoIP account which they easily obtain online. Later, they are trapped into revealing details like security PIN as well as the three digit CVV code, which is then recorded. Globally banks are increasingly adapting advanced systems like adaptive identification authentication in which the software records consumer behaviour and matches it each time the account is operated.
There are other methods like tokens or online passwords in which the consumer is provided with a small device which displays a password for his account. The password in the device keeps changing every 60 seconds. In India, however only one or two banks provide them.

Source

No comments: