[ISN] Banks on track to fully use online ID security

From: InfoSec News (alerts@private)
Date: Sun Oct 15 2006 - 22:38:38 PDT


http://biz.thestar.com.my/news/story.asp?file=/2006/10/14/business/15729002

BY LOONG TSE MIN
October 14, 2006

KUALA LUMPUR: All Malaysian banks are on track to fully implement the 
two-factor authentication, a form of online identification security, by 
Dec 1 as mandated by Bank Negara, said Association of Banks in Malaysia 
(ABM) chairman Datuk Abdul Hamidy Abdul Hafiz.

Several banks have already implemented the system as an additional 
security measure, Hamidy, who is also Affin Bank Bhd managing director 
and chief executive officer, told a press conference yesterday.

In the two-factor authentication, customers must confirm their 
identities through something they know, like a personal identification 
number (PIN) or password, but also with something physical, like a 
hardware token with numeric access codes that change every minute or a 
biometric device.

On recent cases of online banking fraud through phishing or SMS, ABM 
said these were not the result of any intrusion into the Internet 
banking systems.

Rather, they occurred as a result of customers inadvertently revealing 
their user IDs and passwords to third parties, it said, adding that it 
was not the practice of any bank in Malaysia to send e-mail or SMS to 
Internet banking customers asking them details of user IDs or passwords.

The two most common forms of phishing were social engineering or 
tricking the customer into revealing his or her password and user ID, 
and through a phoney website of the bank that the user was sent to when 
a link on an e-mail was clicked on, said ABM council member Piyush 
Gupta, who is also Citigroup Country Office and Citibank Bhd chief 
executive officer.

We urge all customers to contact their respective banks first should 
they receive any suspicious e-mail or SMS, said Hamidy.

At present there are 2.5 million Internet banking customers in Malaysia, 
conducting some 12 million transactions a month, while the growth rate 
for Internet banking customers was 20% in 2005.

The security system for Internet banking in the country was not only in 
line with, but often exceeded, the minimum requirements of Bank Negara 
and was on par with international standards such as ISO 17799 and 
accredited independent security consultants, Hamidy said.

We wish to emphasise and assure the public that Internet banking will 
continue to be safe, given the technology and security measures that are 
in place. However, it is a dual responsibility of customers and banks 
that is critical in addressing this issue of online fraud, he said.

1995-2005 Star Publications (Malaysia) Bhd (Co No 10894-D)


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org 



This archive was generated by hypermail 2.1.3 : Sun Oct 15 2006 - 22:55:32 PDT