WASHINGTON, Aug. 23, 2006
Internet Banking Under Attack?
Foreign Banks Adopt Stricter Security Requirements, But U.S. Banks Resist
-
Play CBS Video Video Online Banking Theft Last year alone, an estimated 8.9 million Americans were victims of identity theft. As Thalia Assuras reports, thieves are focusing in on where the money is: online banking.
-
(CBS)
-
Interactive Cyber Crime Find out about viruses, worms, and other ways people can attack both you and your computer online.
-
Interactive FBI Crime Statistics Explore the latest information on U.S. crime, from acts of violence to property damage.
-
Interactive Eye On The Economy In-depth features on U.S. markets, taxes, employment and the Federal Reserve.
"We're underestimating Jesse James here," Kellerman tells CBS News correspondent Thalia Assuras.
A widely respected cyber-security expert, formerly with the World Bank, Kellerman says organized criminals — even terrorists — are hijacking the Internet.
"They're taking screen shots of what you type in as your password and sending this back to organized criminals," Kellerman says.
Security experts estimate that one in three computers worldwide is infected with some version of software that steals personal identification numbers (PINs), passwords and personal data — and delivers it all to online crooks.
"The concerns we have is that there be more of these attacks," says Tony Chew, director of technology risk supervision for the Monetary Authority of Singapore.
Chew regulates online security for Singapore, which three years ago declared that PINs and passwords were not enough to protect online banking — and ordered banks to adopt another layer of protection.
It's called two-factor authentication — simply proving who you are in more than one way. How? By using something you "know" — like a PIN — along with something you "are" — say, your thumbprint — or something you "have," like a token, a keychain device that spins ID numbers several times a minute to match similarly timed numbers in your bank's database.
The token (something you have) and a PIN (something you know) will access your account.
"We tend to be proactive, and we want to maintain and enhance confidence in our banking system," Chew says.
In Japan, it's the unique pattern of palm veins (something you are) combined with a PIN (something you know) that grants access to ATMs.
"That makes it very difficult for someone to copy," says Scott Ikeda of Fujitsu Ltd.
For now, though, U.S. banks are resisting dual-factor authentication as too expensive and too confusing to the customer.
"The ironic part is many of these banks have actually done this for their European and Asian consumers because of regulation," Kellerman says, adding, "Maybe we should emigrate."
Some U.S. bankers call Kellerman "Chicken Little." But he's not alone in thinking the Internet sky really is in danger of falling.
©MMVI, CBS Broadcasting Inc. All Rights Reserved.
CBSNews.com On Digg
More From CBS Evening News
Gen. Ray Odierno, head of multinational forces in Iraq, on progress there and plans for Afghanistan.
