Home > 2011 > Identity Theft > Expert: eBanking Americans Are Low-Hanging Fruit for Breaches

Expert: eBanking Americans Are Low-Hanging Fruit for Breaches

Advertiser Disclosure Comments 0 Comments

Every week, it seems, another big company announces that it has lost thousands or millions of sensitive records on American consumers. Morgan Stanley. Sony. Cord Blood Registry.

Ever wonder why American consumers keep getting hit by data breaches? It’s because we’re the lowest-hanging fruit for thieves, says Adam Dolby, director of electronic banking at Gemalto, an electronic security company.

“With the rest of the world hardening their targets, the U.S. becomes the weakest link,” Dolby says. “You can always tell when you’re the weakest link because you’re getting targeted.”

The biggest vulnerabilities involve our bank accounts, says Dolby. Countries as diverse as Germany, South Korea, the United Kingdom and Singapore all have taken serious measures to lock down consumers’ bank information. In Germany, consumers must swipe their cards against a scanner machine to obtain a password to access their bank accounts online. The password is good only for that transaction, and only for a limited time.

[Related article: Safer Online and Mobile Banking In the Works]

Other banks are experimenting with a plug-in Zip drive that only allows customers to visit certain bank-related websites. The drives also generate new access codes every time consumers log into their accounts.

“It’s still web-based convenience, but you know for sure it has no viruses,” Dolby says.

In many other countries, banks are required to implement such strict access controls. Here in the U.S., banks have no such rules. Bank of America is one of the few banks here to implement similar controls voluntarily. Before logging into their accounts, BofA customers receive one-time-only passwords via texts sent to their phones.

Such extra steps are necessary, Dolby says, because banks and consumers now must assume that their computers are already thoroughly compromised by hackers—that fraudsters are already in our machines, looking over our shoulders, looking for information they can steal that will lead them to cash.

That’s why it’s important to use other kinds of devices to send account access information that changes all the time. The hackers may be able to compromise one system pretty easily, but the chances that they’ll be able to invade two or more systems simultaneously are very low.

“Four years ago, we thought that all we have to do is protect the front door. Well, hackers have shown a pretty legitimate ability to get in the front door,” Dolby says. “So now you have to assume that you’ve already been compromised. So how do we protect the jewels in the vault?”

[Resource: Understand your exposure to Identity theft with the Identity Risk Score]

New Rules Show How Far Behind We Really Are »

Image: Amy Lenzo, via Flickr.com

Pages: 1 2

Comments on articles and responses to those comments are not provided or commissioned by a bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by a bank advertiser. It is not a bank advertiser's responsibility to ensure all posts and/or questions are answered.

Please note that our comments are moderated, so it may take a little time before you see them on the page. Thanks for your patience.

Certain credit cards and other financial products mentioned in this and other articles on Credit.com News & Advice may also be offered through Credit.com product pages, and Credit.com will be compensated if our users apply for and ultimately sign up for any of these cards or products. However, this relationship does not result in any preferential editorial treatment.