Authentication Tokens from Banks Make Mobile Phones Susceptible to Attacks

Bank customers are required to enter the security token number to complete third party payments through Internet banking.

Albuquerque, NM (prHWY.com) January 18, 2011 - Increasing number of banks are adopting the practice to send authentication tokens through short message service (SMS) to their customers for validating third party payments. Bank customers are required to enter the security token number to complete third party payments through Internet banking. If customers choose not to use the number, than they have to use other channels of banking to make payments to third parties. When a customer selects third party payment on an online banking site, the concerned bank sends a SMS token - with unique numerical codes to the customer, which has to be entered on the net banking site to complete the payment. While the approach complements the requirement to reenter authentication details on the website to validate payments, also makes mobile phones vulnerable to hacking attacks. Recently, security firm RSA has cautioned that offenders may attempt to intercept the SMS messages and increase attacks on mobile phones.

While the SMS tokens have introduced an additional layer of security, they may encourage criminals to launch denial-of-service attacks on the mobile phones to disrupt its use by customers. Attackers may also intercept the message during transmission from bank to customer and forward it to their own mobile device. RSA has also warned against increased smishing attacks, the mobile variant of phishing attacks. The growth of mobile banking also makes mobile devices soft target for attacks. While spear phishing attacks are replacing phishing attacks on e-mail, mobile phones may face increase number of spam messages and smishing attacks. Online computer training programs may help users in understanding the possible sophisticated threats in the e-banking environment and help in conducting secure transactions.

Usually, manufacturers avail the services of ethical hacker certified experts to explore and identify the vulnerabilities in devices and applications. Banking organizations may work with stakeholders such as manufactures, software developers, telecom companies, regulatory agencies and IT security firms to ensure safe transmission of information.

IT personnel holding security certifications can help banks in improving the IT security apparatus and ensure safe banking experience for customers. While banks are now providing security tips and information related to threats to customers, they may also create awareness through online video programs and case studies to ensure adherence to safety precautions and practices.


EC-Council provides industry training and certification for information security professionals in ethical hacking among many other specializations. "Understanding how hackers exploit these vulnerabilities is a key requirement to hardening software and hardware. That is why EC-Council focuses on ethical hacking as an approach to information security evaluation" as stated by EC-Council's Senior Director, Steven Graham. EC-Council through its Certified Ethical Hacker program has trained such information security professionals from all over the world.

ABOUT EC-COUNCIL
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates EC-Council University and the global series of Hacker Halted security conferences. The global organization is headquartered in Albuquerque, New Mexico.

Press Contact
Steve Graham
6330 Riverside Plaza Ln NW
Suite 210
Albuquerque, NM 87120

###

Tag Words: internet banking, spear phishing, sms tokens, authentication tokens, phishing, smishing, security certification, sms, mobile phones, ethical hacking

Categories: Mobile

Link To This Press Release:

URL HTML Code