February 11, 2009 6:06 PM
- Text
Internet Banking Under Attack?
(CBS)
For most people, banking online is pure convenience. But for Tom Kellerman, every click of the mouse, every stroke of the keyboard is a potential disaster.
"We're underestimating Jesse James here," Kellerman tells CBS News correspondent Thalia Assuras.
A widely respected cyber-security expert, formerly with the World Bank, Kellerman says organized criminals — even terrorists — are hijacking the Internet.
"They're taking screen shots of what you type in as your password and sending this back to organized criminals," Kellerman says.
Security experts estimate that one in three computers worldwide is infected with some version of software that steals personal identification numbers (PINs), passwords and personal data — and delivers it all to online crooks.
"The concerns we have is that there be more of these attacks," says Tony Chew, director of technology risk supervision for the Monetary Authority of Singapore.
Chew regulates online security for Singapore, which three years ago declared that PINs and passwords were not enough to protect online banking — and ordered banks to adopt another layer of protection.
It's called two-factor authentication — simply proving who you are in more than one way. How? By using something you "know" — like a PIN — along with something you "are" — say, your thumbprint — or something you "have," like a token, a keychain device that spins ID numbers several times a minute to match similarly timed numbers in your bank's database.
The token (something you have) and a PIN (something you know) will access your account.
"We tend to be proactive, and we want to maintain and enhance confidence in our banking system," Chew says.
In Japan, it's the unique pattern of palm veins (something you are) combined with a PIN (something you know) that grants access to ATMs.
"That makes it very difficult for someone to copy," says Scott Ikeda of Fujitsu Ltd.
For now, though, U.S. banks are resisting dual-factor authentication as too expensive and too confusing to the customer.
"The ironic part is many of these banks have actually done this for their European and Asian consumers because of regulation," Kellerman says, adding, "Maybe we should emigrate."
Some U.S. bankers call Kellerman "Chicken Little." But he's not alone in thinking the Internet sky really is in danger of falling.
"We're underestimating Jesse James here," Kellerman tells CBS News correspondent Thalia Assuras.
A widely respected cyber-security expert, formerly with the World Bank, Kellerman says organized criminals — even terrorists — are hijacking the Internet.
"They're taking screen shots of what you type in as your password and sending this back to organized criminals," Kellerman says.
Security experts estimate that one in three computers worldwide is infected with some version of software that steals personal identification numbers (PINs), passwords and personal data — and delivers it all to online crooks.
"The concerns we have is that there be more of these attacks," says Tony Chew, director of technology risk supervision for the Monetary Authority of Singapore.
Chew regulates online security for Singapore, which three years ago declared that PINs and passwords were not enough to protect online banking — and ordered banks to adopt another layer of protection.
It's called two-factor authentication — simply proving who you are in more than one way. How? By using something you "know" — like a PIN — along with something you "are" — say, your thumbprint — or something you "have," like a token, a keychain device that spins ID numbers several times a minute to match similarly timed numbers in your bank's database.
The token (something you have) and a PIN (something you know) will access your account.
"We tend to be proactive, and we want to maintain and enhance confidence in our banking system," Chew says.
In Japan, it's the unique pattern of palm veins (something you are) combined with a PIN (something you know) that grants access to ATMs.
"That makes it very difficult for someone to copy," says Scott Ikeda of Fujitsu Ltd.
For now, though, U.S. banks are resisting dual-factor authentication as too expensive and too confusing to the customer.
"The ironic part is many of these banks have actually done this for their European and Asian consumers because of regulation," Kellerman says, adding, "Maybe we should emigrate."
Some U.S. bankers call Kellerman "Chicken Little." But he's not alone in thinking the Internet sky really is in danger of falling.
Latest Now in CBS Evening News
- Evening News Online, 02.10.12
- Diplomat: U.S. military not the answer in Syria
- On the Road: Noah's Dream Catcher Network
- Salvaging the Costa Concordia
- Bank deal won't protect federal mortgages
- Ambassador Ford on military help in Syria
- Rare moment of relief in Syria
- Romney touts conservatism at CPAC
- Obama's contraceptive compromise
- American company may salvage Costa Concordia
- A small taste of freedom in one part of Syria
- 12-year-old saves grandma's home from foreclosure
- Evening News Online, 02.09.12
- One mortgage mess culprit: Signature mills
- Remembering Kodak cameras
- Obama frees 10 states from "No Child Left Behind"
- Assad continues relentless attack on Homs
Latest CBS News Headlines
on Facebook
on CBS News
- Faces of protest are as varied as Russia itself
- First lady fixes on must-dos prior to election run
- First lady fixes on must-dos prior to election run
- Obama didn't see backlash on birth control coming
on Facebook
- Adele sings a cappella for Anderson Cooper
- Occupy protestors kicked out of CPAC
- CPAC: Will Sarah Palin spring a surprise?
- Beyonce and Jay-Z post first photos of Blue Ivy Carter
on CBS News
