Entersekt poll reveals that US citizens are afraid of online fraud
Entersekt, South African based, transaction authentication company, has mandated market research in the US to gauge people’s responses to online banking security, or the lack thereof and inevitable consequences. Polls show that 85% of US adults are afraid of fraud and that 71% would consider changing banks in the case of a security breach. It also shows that 58% of U.S. adults would take some action to secure their online banking transactions by using mobile phones to validate activities.
The possible breaches that would constitute fraud include malware, phishing, brute force attacks and man-in-the-browser.
Phishing: is emailing a customer under false pretenses in an attempt to get them to hand over personal information.
Malware: is software created to damage or disrupt a system (a virus is a good example).
Man-in-the-browser (MITB): is a proxy Trojan horse which takes advantage of weaknesses in browser security to change elements, without anyone knowing.
LiquidApps’ Year-Long Token Generation Event Suggests the Future of FundraisingGo to article >>
Brute force attack: is a cryptanalytic attack, executed when it is not possible to take advantage of other weaknesses in an encryption system. It involves checking all possible keys until the correct key is found.
RSA’s 2013 report “The Year in Phishing” has revealed among other things that the US is the number one nation to have hosted the most phishing attacks in 2012 (as it was in 2011).
While there are several products that work against the banking fraud being discussed, for example one time passwords (OTP),”The fundamental flaw these products share” according to Christiaan Brand, Chief technology officer at Entersekt, “is that they continue to rely on browser-based communications back to the bank…Banks are in the unenviable position of having to juggle robust security with consumer demand for convenient access. OTPs deliver neither.” Entersekt offers an alternative authentication system which it vouchers for and advertises that clients using it are yet to experience a successful phishing attack on their browsers.