“As much as the HangUp Team has relied on distributed pain for its success, financial institutions have relied on transferred risk to keep the Internet crime problem from becoming a consumer cause and damaging their businesses. So far, it has been cheaper to follow regulations enough to pass audits and then pay for the fraud rather than implement more serious security. ‘If you look at the volume of loss versus revenue, it’s not horribly bad yet,’ says Chris Hoff, with a nod to the criminal hacker’s strategy of distributed pain. ‘The banks say, ‘Regulations say I need to do these seven things, so I do them and let’s hope the technology to defend against this catches up.’’
“‘John’ the security executive at the bank, one of the only security professionals from financial services who agreed to speak for this story, says ‘If you audited a financial institution, you wouldn’t find many out of compliance. From a legal perspective, banks can spin that around and say there’s nothing else we could do.’”
Future of Malware, Bruce Schneier, October 17, 2007
“Last month, I wrote about US financial institutions, their failure to implement two-factor authentication, and the absurdity that has become Wish-It-Was Two Factor authentication. I thought that’d be the last I’d write about the topic, but when Steven King pointed me towards his bank, Synergy One, I couldn’t resist a follow-up.
“First and foremost, Synergy One seems to be a great, local institution. They invest in their community. They offer college scholarships. Heck, they even have student-run branches to encourage saving money while in high school. And this is exactly why it’s such a shame that they’ve fallen prey to the Wish-It-Was Two-Factor placebo.
“Being such a small institution, Synergy One does not develop their own banking software. They rely on Harland Financial Solutions, who provides ‘strength and industry leadership within each product’ and boasts ‘over 7,000 clients’ to make them ‘the number one choice for many financial institutions.’ With a reputation like that, it’s no wonder so many banks look to Harland for their technology solutions.
“Unfortunately, Harland’s online banking product – Cavion® Internet Banking – is woefully inadequate. It does, however, sport several impressive-looking ‘multi-factor’ authentication and security methods.”
Banking so advanced, Worse than failure, October 17, 2007-10-26
Why do things like the internet and capitalism bring out the absolute worst in people? Why is that? I guess we’ll have to rely on banking fraud insurance and hope for the best on their security software.