Online banking in SA has risks

Customers must remain vigilant

July 16, 2009

Customers must remain vigilant says Kaspersky

The recent scandal involving a Vodacom employee working with a syndicate to intercept SMS notifications from banks to customers has raised serious questions about the security of online banking says Kaspersky.

“This incident, is as far as we know, a world-first, which only enforces our opinion that SMS-based authentication, while providing slightly more secure than the simple username-password combos, is clearly outdated and in our fast paced and highly evolving cyberworld is no longer sufficient by itself. “ says to Costin Raiu, Chief Security Expert at Kaspersky Labs.

According to Raiu, security experts around the world are aware of previous incidents where the cybercriminals found other methods to intercept the SMS’s from the banks, meaning that this should not be seen as an isolated incident.

In the short term, Raiu advises customers to run up-to-date operating systems, supplemented by a full security solution such as Kaspersky Internet Security, which contains specific, online banking-related protection modules.

“It is also very important to check your online account often and to immediately notify the bank if any suspicious transactions are found. Generally, the banks should be able to recover your money if the bank is notified promptly.  In other cases, the banks will totally refund the losses, as they occurred through the use of the authentication system designed and deployed by the bank.  An incident of this type can potentially cause marketplace uncertainty about the bank’s ability to keep their customer’s information and money safe and ultimately lead to reputational damage for the bank,” he concludes