European, U.S. On-line Banking Security Measures May Be Insufficient

May 08, 2005 (PRLEAP.COM) Business News
Brussels —- U.S. banks have turned to their European counterparts for on-line banking security tips, but the tokens and other two-factor authentication techniques used in Europe might not be enough. Hackers are becoming increasingly capable of compromising data with sophisticated attacks directly against Web applications – a problem which auditing tools like nSense WebScan and SystemScan, available from Antamis Sprl, can help financial institutions solve.

Passwords alone are not suitable for protecting confidential data. Two-factor authentication is an improvement, but isn’t a complete solution to on-line security. Tokens and similar two-factor techniques protect against passive attacks such as password guessing. However, they do not work against methods like phishing that hackers now use. Likewise, if a hacker opens a bank account with on-line access, he or she could get into the system using the token and attack the bank from inside, if vulnerabilities exist in the banking application.

Banks in the U.S. and Europe need to review their entire security policy to ensure that risks are addressed at the source, instead of handling only the most apparent and exploited issues. Data thieves will grab the low-hanging fruit first, but the golden apples on the highest branch are not out of reach for creative and sophisticated hackers. To mitigate the risk of data and identity theft and fraud, banks should proactively create awareness regarding security issues, control access to banking applications, and regularly audit their Web-facing IT systems.

“Banks are spending millions of euros on two-factor authentication, while hackers are busy finding other ways of accessing client data and committing on-line fraud. Using tokens will certainly improve security, but if a bank has a hacker as a client, he or she could possibly compromise the system from within,” states Ben Kwiecinski, Managing Director of Antamis.

Controlling user access and creating awareness of the dangers of the Internet among clients are important for information security. To ensure the complete safety of client data, however, banks should regularly audit their internet-accessible infrastructure for security vulnerabilities. Using automated auditing tools like nSense WebScan and SystemScan, bank IT and security personnel can accomplish this quickly and effectively.

About Antamis

Antamis is a leading provider of cost effective open source-based CRM, CMS, and e-Learning business solutions, as well as security services that help its clients get the most of the Web – profitably and safely. Antamis sees business and security objectives as interrelated and delivers robust solutions that address these needs with high technical competence, commercial excellence, and outstanding customer service. For more information, please contact Ben Kwiecinski or Magnus Paulin on +32 (0)2- 211 3439 or visit www.antamis.com. Antamis Sprl is located at Rue Des Palais 44, B-1030 Brussels.