|
Korean Job Discussion Forums
"The Internet's Meeting Place for ESL/EFL Teachers from Around the World!"
|
| View previous topic :: View next topic |
| Author |
Message |
igotthisguitar
Joined: 08 Apr 2003
Location: South Korea (Permanent Vacation)
|
 Posted: Fri Apr 21, 2006 8:44 pm Post subject: Researcher: Major Banking Sites Insecure |
 |
|
Researcher: Major Banking Sites Insecure
Robert McMillan, IDG News Service
Fri Apr 21, 10:00 AM ET
Online bank customers may want to pay a little more attention to their browsers the next time they log in, because many of the most popular banking sites in the U.S. may be needlessly placing their customers at risk to online thieves, a noted security researcher warned this week.
At issue are the user login areas that can be found on banking sites such as Chase.com and Americanexpress.com, which ask users to submit their user ID and password information.
Although these forms may be encrypted, they do not use authentication technology to prove they are genuine, according to Johannes Ullrich, chief research officer at the SANS Institute. |
|
| Back to top |
|
 |
dogbert
Joined: 29 Jan 2003
Location: Killbox 90210
|
| Posted: Sat Apr 22, 2006 1:17 am Post subject: Re: Researcher: Major Banking Sites Insecure |
|
|
| igotthisguitar wrote: |
Researcher: Major Banking Sites Insecure
Robert McMillan, IDG News Service
Fri Apr 21, 10:00 AM ET
Online bank customers may want to pay a little more attention to their browsers the next time they log in, because many of the most popular banking sites in the U.S. may be needlessly placing their customers at risk to online thieves, a noted security researcher warned this week.
At issue are the user login areas that can be found on banking sites such as Chase.com and Americanexpress.com, which ask users to submit their user ID and password information.
Although these forms may be encrypted, they do not use authentication technology to prove they are genuine, according to Johannes Ullrich, chief research officer at the SANS Institute. |
Cyber Heist Could Cost Consumers
Consumer Groups Say Victims Need More Information About the Heist
April 21, 2006 — After their banks quietly informed them their debit card and bank information may have been stolen, thousands of Americans could lose as much as $500 in money taken from their accounts.
In possibly the biggest incident of debit card hacking theft, thousands of U.S. consumers have been told that their bank accounts may have been compromised by computer hackers who stole debit information and personal identification numbers (PINs) from their bank accounts.
"This is the worse debit-PIN breach that has been reported to date," said Avivah Litan, analyst and digital banking expert at Gartner.
During the past few weeks, banks across the country quietly informed consumers who may have been victimized by the breach, which occurred more than a month ago.
Litan said that 200,000 to 300,000 consumers may have had new debit cards issued, and the banks reportedly monitored account activity for the consumers at risk. But some consumer groups questioned why the notification letters were not more specific about the details of the breach, such as whether it was a specific merchant whose security was compromised.
"The letters seem to be pretty vague. They're not being told where the breach occurred. The notices tell them that something happened, but it won't tell them where or how," said Gail Hillebrand of the nonprofit group Consumers Union. "If you're a consumer, it would help to know which retailer made your information available, because maybe you wouldn't want to shop there again."
One privacy expert said that banks and retailers often wrangle over the particulars of notifying consumers when a security breach occurs.
"No one wants to send out a security breach notice," said Chris Hoofnagle of the Electronic Privacy Information Center. "You instantly become a pariah, and the fear is that you'll start to lose customers."
Responsible for Money Lost?
Unlike credit cards, which by law hold consumers responsible for only $50 in the case of theft, card issuers can hold debit card holders responsible for up to $500 when their money is stolen. Electronic money transfers, including debit card transactions, are governed by a Federal Reserve Board regulation known as Regulation E. One of its stipulations puts the onus on consumers to report irregularities with electronic transfers. If consumers fail to notify card issuers about breaches in a "timely fashion," the card issuer could hold the consumer responsible for up to $500. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
