Internet banking is widely used, especially by individuals and small and medium businesses, because it is easy and convenient, available 24 hours a day, seven days a week and typically incurs far less bank fees than going in to a branch to do banking, writes Simon Webster, technical consultant at The Webcom Group.
However, online identity theft is unfortunately a reality, and ploys such as phishing and pharming, virus attacks, hacking, unauthorised access and fraudulent transactions put consumers at risk. The best way to avoid falling victim to these kinds of attacks is to be aware of them and safeguard personal information. Online fraud is rife and consumers need to be aware of its existence and understand the risks they pose to avoid falling victim to fraudsters.
Phishing is one of the most common, and publicised, forms of theft when it comes to Internet banking. Phishing typically takes the form of an email, ostensibly from a customer's bank, requesting confidential details and internet banking information, or containing a link to a Website that looks almost identical to the authentic one, where users will enter their details. These are then captured by the fraudsters and used to make unauthorised transactions on an account.
Internet banking users need to be vigilant in recognising these ploys so that they do not respond to them. They also need to be aware that protecting confidential details is their responsibility and that they should never divulge information like passwords, profile numbers and Personal Identity Numbers (PINs). Banks will never use email to request personal details or contact a user telephonically to request electronic banking information.
Keystroke logging is another common method of perpetrating online banking theft. This literally involves the user's keystrokes being recorded, in a number of ways, and then using this information to access accounts without authorisation and make fraudulent transactions. To do this, the fraudsters may use software, hardware, keyboard sniffers, keyboard overlays or even optical surveillance like video cameras.
The best way to avoid falling victim to keystroke logging is not to access an Internet banking facility from any publicly accessible venue, such as Internet cafés or even at the office. Users also need to avoid clicking on suspicious links in emails, which may contain Trojans or a virus that may install a keystroke logging programme on the user's machine. Anti-spyware software as well as having an adequate firewall is also important to prevent these types of programmes from being installed.
Another less well known form of online identity theft is pharming, which is a compromise of a website at the Internet Service Provider (ISP) level. When users enter the URL of their Internet banking site, pharming hijacks the DNS tables, redirecting the user to a fraudulent site that looks just like the real site, which is then used to capture their details for fraudulent activities.
This method is particularly dangerous, as even if users have all of their security in place on their machine they are still vulnerable as this type of fraud happens on the bank's side. The only way to identify a fraudulent banking site is to look for the padlock at the bottom of the screen, as this indicates that the website is encrypted and secure. If this padlock does not appear the user should leave the site immediately and not enter any of their details.
While these threats are real and pose a serious risk to users of internet banking, it cannot be denied that online banking has benefits that outweigh the issues. As long as users are aware of potential problems that may compromise their accounts, and take security seriously, these threats can be avoided and users can enjoy the convenience of online banking without falling victim to fraud.