Skip to main content

The WiKID Blog

Viewing posts tagged Transaction Authentication

mitm-attacks-tokens-vs-phishing-and-mutual

Kurt at anti-virus rants has a pair of posts, one on what is man-in-the-middle attack and a follow up on why tokens won't stop phishing, which lead me to an earlier post on why safe site indicators fail.

more-on-online-brokerage-fraud

The Washington Post has an article today about the the increase in online brokerage fraud.

E-Trade Financial Corp., the nation's fourth-largest online broker, said last week that "concerted rings" in Eastern Europe and Thailand caused their customers $18 million in losses in the third quarter alone.
To put that into perspective, E-Trade earned $128.1 million on revenue of $488.7 in their fiscal fourth quarter.

spies-in-the-phishing-underground

There is a great article on the current state of phishing on net-secrurity.org. The article discusses phishing kits with backdoors (phishers phishing phishers), the market for identity information, the lack of sophistication of phishers and some recommendations:

We aren’t going to solve the problem of online PII (Personally Identifiable Information) and identify theft just by writing even more secure code (although it certainly helps), or by continuing to play whack-a-mole with phishers. The system of relying on static identifiers to commit financial transactions needs to be rethought.
And:
Commercial financial institutions such as credit card companies and banks realize that the cost of implementing a new system that does not merely rely on static identifiers is higher than the fraud committed, so they decide to accept the cost. This is the reason why the system has not changed. Unfortunately, financial institutions only take into account their cost when making this decision, but it also ends up affecting the lives of millions of people who have to pay with their identities when such fraud is committed (this cost is also shared by other companies that want to have the capacity to process transactions. The PCI standard is a good example of this situation).
The expectation is that the band-aid approach will continue to be applied until the costs exceed the expense of two-factor authentication.

top-9-reasons-to-embrace-two-factor-authentication

Passwords have been around forever and it's starting to show. The next level of authentication security is two-factor authentication. Your ATM card is an example of two-factor authentication: you need both possession of the card and knowledge of the PIN to get cash. There are a number of factors that are pushing two-factor authentication toward a tipping point.

two-factor-authentication-hysteria-continues


As I predicted, the hysteria around the , well, hysteria in the information security blogosphere, which is a pretty small part of the blogosphere.

Recent Posts

Archive

2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom