Citadel Information Group

  • Home
  • About Us
    • About Citadel
    • Who We Are
    • When To Call Citadel
  • Services
    • Overview: Delivering Information Peace of Mind ® to Business and the Nonprofit Community
    • Citadel’s Information Peace of Mind ® Program
    • Assessments and Reviews
    • Information Security Policies and Standards
    • Secure The Human
    • Phishing Defense Training
    • CCPA and Defendable Security Procedures and Practices
    • Privacy: Information Inventory / Data Mapping
    • Security Management of the IT Network / Infrastructure
    • Incident Response / Business Continuity
    • Secure Application Development — Learn By Doing
    • Litigation Support
    • Keynotes
    • Client Success Stories
  • Blog
  • Resources
    • Information Security Library
      • Citadel Guides
      • Awareness Posters
      • For Boards and the C Suite
      • Cybersecurity Law
      • Cybersecurity Surveys
      • HIPAA HITECH
      • Insurance and Risk Management
      • National Cybersecurity
      • Online Bank Security
      • Payment Card Industry Data Security Standard
      • Personal Cybersecurity
      • Securing the IT Network
      • Helpful Links
    • Blogs
      • Cybersecurity Blogs
      • Leadership and Culture Change Blogs
  • Contact
You are here: Home / Articles / Security of Online Banking Threatened by Defeat of Two-Factor Authentication

September 23, 2009 by Stan Stahl Ph.D.

Security of Online Banking Threatened by Defeat of Two-Factor Authentication

What’s happening: Cybercriminals have learned how to steal money from business bank accounts even when bank security controls include second-factor authentication.

What it means: Most banks and businesses believe online banking is safe when protected with what’s known as 2nd-factor [or multi-factor] authentication. While second-factor authentication is a step-up over single-factor, it is still not fail-safe. Take a look at our blog posting about a $447,000 cybertheft from a company that uses second-factor authentication. The two stories below describe the ease with which cybercriminals are bypassing second-factor authentication. After bypassing inadequate protection of the IT infrastructure, the cybercriminals succeed by taken advantage of untrained unaware staff.

What to do: Management must get on top of this problem. Train staff to recognize cybercrime danger signs. Tightly manage technology controls. Consider replacing antvirus / antimalware solutions with intrusion detection / prevention solution. Check your cyber-insurance. Be prepared to sue your bank: Email our Guide: An Emerging Information Security Minimum Standard of Due Care to your attorney.

**********************************
From ZDNet: Modern banker malware undermines two-factor authentication

Once pitched as an additional layer of security for E-banking transactions, two-factor authentication is slowly becoming an easy to bypass authentication process, to which cybercriminals have successfully adapted throughout the last couple of years. http://blogs.zdnet.com/security/?p=4402

From MIT Technology Review: Real-Time Hackers Foil Two-Factor Security. One-time passwords are vulnerable to new hacking techniques. http://www.technologyreview.com/computing/23488/

Filed Under: Articles

Call us for a free confidential consultation:
323-428-0441

Get our newsletter

A weekly report of critical security updates and the latest cybersecurity news delivered to your inbox from Secure The Village.

Sign Up

Categories

Get in touch

323 428 0441
info@citadel-information.com

Citadel Information Group
Citadel on Linkedin
SecureTheVillage on Linkedin

About Us

Citadel Information Group is a full service integrated information security management / governance firm. We work either consultatively or as part of a client’s senior management team, assisting our clients cost-effectively manage the confidentiality, privacy, integrity and availability of their information. Learn more.

Key Resources

  • The Citadel Way to Information Security Management
  • Creating a Cybersecurity Aware Culture
  • Secure Application Development: The CISO’s Role – a webinar with WhiteHat Security
  • Information Security Library

Copyright © 2018 by Citadel Information Group  All Rights Reserved | Privacy Policy