Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Trojan can grab extra personal banking data

Stephen Lawson | Sept. 29, 2008
A Trojan can add data entry fields to legitimate online banking sites and entice consumers to give up additional information.

"If phishing were a stock, I would invest in it," Rivner said.

At RSA, the encryption giant that became EMC's security business through a $2.1 billion acquisition in 2006, the target for combatting online banking fraud is the cashing-out step. The company sells software that looks at every transaction a customer makes and assesses the level of risk, Rivner said. It may look at the IP (Internet Protocol) address from which the site is being accessed, as well as that user's typical pattern of transactions. If the risk level is high, the bank can block the transaction and contact the customer directly, he said.

This approach is increasingly being used by banks because of the difficulty of tracking down and eradicating malware and phishing, Rivner said. There may be numerous Trojans on a customer's computer, but the bank isn't hurt by any of them until a fraudster tries to use them to divert money from an account, he said.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.