Internet banking: How to secure online payments
Cyber criminals do not sleep, least of all on the eve of the pre-Christmas shopping rush. According to experts from Kaspersky Lab, a new banking Trojan is targeting the finances of Internet users. The malware lets attackers intercept everything the user types on online banking sites, including the username and password. Having gained access to the account in this way, the fraudsters transfer the victim's money to their own accounts or, to cover their tracks, to the accounts of other victims.
Theft through Internet banking, electronic payment systems and online shops is the most common form of crime on the network. According to the Kaspersky Consumer Security Risk survey, 33% of respondents had funds stolen through electronic payment systems, 17% through Internet banking systems and 13% through online shopping sites. Above all, this is due to the naivety of Internet users and their misplaced confidence in the security of banking networks and of their own computers.
The most important risk in using Internet banking is considered to be unauthorized access to accounts by third parties, says Konstantin Varnin, head of implementation and support of banking products and services at Industrialbank. In addition, there is a risk of losing money and not getting it back when the system fails because of a break in the Internet connection, the electronic network or other problems of a technical nature. As a result, the funds may be debited but never reach their final destination, the expert emphasizes.
To secure online payments, banks take the following measures to protect remote banking services:
1. Data encryption (SSL encryption)
SSL encryption is a protocol for establishing a secure communication channel and preventing the interception of confidential information on the network and other communication channels, said Konstantin Varnin. SSL encryption allows the client and the server to authenticate each other, after which an encrypted connection is established between the client and the bank for the secure transmission of information.
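What that authentication consists of on the client's side, as an added example in Go (illustration code, not the article's or Industrialbank's; the certificate authorities, keys and the host name online.bank.example are constructed in memory for the example). What the article calls SSL is, in current deployments, TLS, and the part that protects the customer is that the client verifies the bank's certificate before sending anything: a chain to a trusted root, validity dates, and the host name the user actually typed. The example runs that check against the bank's genuine certificate, against a certificate for the same name issued by a CA the client does not trust (what a man-in-the-middle would present), and against a look-alike host name. Mutual authentication adds the same check in the other direction, with the bank verifying a client certificate issued to the customer (ExtKeyUsageClientAuth instead of ServerAuth).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

var nextSerial int64

// issueCert builds an in-memory certificate. With issuer == nil it is a
// self-signed CA; otherwise it is a server certificate for name signed by the
// issuer. All keys and names are constructed for this example only.
func issueCert(name string, issuer *x509.Certificate, issuerKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	nextSerial++
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(nextSerial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
	}
	parent, signKey := tmpl, key
	if issuer == nil {
		tmpl.IsCA = true
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature
	} else {
		tmpl.DNSNames = []string{name}
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		parent, signKey = issuer, issuerKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return cert, key, nil
}

// verifyBankCert is the check a banking client must pass before it sends any
// credentials: a chain to a trusted root, validity dates, and a name that
// matches the host the user typed.
func verifyBankCert(cert *x509.Certificate, trustedRoots *x509.CertPool, host string) error {
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     trustedRoots,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// Outcome holds the verification error for each presented certificate
// (nil means the client would accept it and proceed to log in).
type Outcome struct {
	Genuine, ForgedByOtherCA, WrongHost error
}

// RunScenarios presents three certificates to verifyBankCert: the bank's own,
// one for the bank's name issued by a CA the client does not trust (a
// man-in-the-middle), and the bank's own but for a look-alike host name.
func RunScenarios() (Outcome, error) {
	const bankHost = "online.bank.example" // hypothetical host name
	bankCA, bankCAKey, err := issueCert("Bank Root CA", nil, nil)
	if err != nil {
		return Outcome{}, err
	}
	bankCert, _, err := issueCert(bankHost, bankCA, bankCAKey)
	if err != nil {
		return Outcome{}, err
	}
	mitmCA, mitmKey, err := issueCert("Attacker CA", nil, nil)
	if err != nil {
		return Outcome{}, err
	}
	mitmCert, _, err := issueCert(bankHost, mitmCA, mitmKey)
	if err != nil {
		return Outcome{}, err
	}
	trusted := x509.NewCertPool() // the client's trust store: only the bank's CA
	trusted.AddCert(bankCA)
	return Outcome{
		Genuine:         verifyBankCert(bankCert, trusted, bankHost),
		ForgedByOtherCA: verifyBankCert(mitmCert, trusted, bankHost),
		WrongHost:       verifyBankCert(bankCert, trusted, "online-bank.example"),
	}, nil
}

func main() {
	o, err := RunScenarios()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine certificate:   ", o.Genuine)
	fmt.Println("forged by untrusted CA:", o.ForgedByOtherCA)
	fmt.Println("look-alike host name:  ", o.WrongHost)
}
```

The forged certificate fails with an unknown-authority error and the look-alike name with a hostname error; a client that ignores either (the "proceed anyway" button in a browser, or code with certificate verification switched off) has no encryption worth the name, because the attacker holds the other end of the encrypted channel.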
2. One-time passwords obtained from an ATM
At the moment, such a system is very rarely used by Ukrainian banks. The expert notes that in this case customers must take care to keep the passwords printed on ATM receipts confidential.
3. Two-level protection
According to Varnin, two-level protection means authenticating the client in the system (entering a login and password) and then using a separate protection method for the operations themselves (SMS passwords, electronic digital signature (EDS), external electronic devices, etc.).
4. One-time SMS passwords
When this mechanism is used, every transaction must be confirmed with a one-time password sent by SMS to the mobile phone number linked to the client's account. "Some banks strengthen this protection mechanism with an additional measure that raises the level of security: they limit the time for which the SMS message can be used," the banker stresses.
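The bank's side of such a scheme, as an added example in Go (illustration code, not the article's or any bank's; the account numbers, the six-digit format, the two-minute validity and the three-attempt limit are assumptions of the example). The code is drawn from a cryptographic random source, is single-use, expires after the time limit the banker mentions, is limited in wrong attempts, and is bound to the exact transfer it was issued for, so a code that the Trojan from the opening paragraph captures for one payment cannot confirm a different one.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
	"math/big"
	"sync"
	"time"
)

// Transfer is the operation being confirmed. The SMS code is bound to these
// fields, so a code obtained for one transfer cannot confirm a different one.
type Transfer struct {
	FromAccount string
	ToAccount   string
	Amount      int64 // minor currency units
}

type pending struct {
	code    string
	tx      Transfer
	expires time.Time
	used    bool
	tries   int
}

var (
	ErrUnknownTx = errors.New("no code issued for this transaction")
	ErrExpired   = errors.New("code expired")
	ErrUsed      = errors.New("code already used")
	ErrLocked    = errors.New("too many wrong attempts, request a new code")
	ErrMismatch  = errors.New("transfer details differ from those the code was issued for")
	ErrBadCode   = errors.New("wrong code")
)

// OTPService issues and checks SMS confirmation codes. The clock is a field
// so that expiry can be exercised without waiting.
type OTPService struct {
	mu       sync.Mutex
	codes    map[string]*pending // keyed by transaction id
	ttl      time.Duration
	maxTries int
	now      func() time.Time
}

func NewOTPService(ttl time.Duration, maxTries int) *OTPService {
	return &OTPService{codes: map[string]*pending{}, ttl: ttl, maxTries: maxTries, now: time.Now}
}

// Issue draws a 6-digit code from crypto/rand, stores it against the transfer
// and returns the code together with the SMS text. Putting the amount and the
// recipient into the message lets the customer notice a swapped transfer even
// when the PC is infected.
func (s *OTPService) Issue(txID string, tx Transfer) (code, sms string, err error) {
	n, err := rand.Int(rand.Reader, big.NewInt(1000000))
	if err != nil {
		return "", "", err
	}
	code = fmt.Sprintf("%06d", n.Int64())
	s.mu.Lock()
	defer s.mu.Unlock()
	s.codes[txID] = &pending{code: code, tx: tx, expires: s.now().Add(s.ttl)}
	sms = fmt.Sprintf("Transfer %d.%02d to %s. Code %s, valid for %s.",
		tx.Amount/100, tx.Amount%100, tx.ToAccount, code, s.ttl)
	return code, sms, nil
}

// Confirm checks a submitted code: single use, time-limited, attempt-limited,
// and valid only for exactly the transfer it was issued for.
func (s *OTPService) Confirm(txID string, tx Transfer, code string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	p, ok := s.codes[txID]
	if !ok {
		return ErrUnknownTx
	}
	if p.used {
		return ErrUsed
	}
	if s.now().After(p.expires) {
		delete(s.codes, txID)
		return ErrExpired
	}
	if p.tries >= s.maxTries {
		delete(s.codes, txID)
		return ErrLocked
	}
	if p.tx != tx {
		p.tries++
		return ErrMismatch
	}
	if subtle.ConstantTimeCompare([]byte(p.code), []byte(code)) != 1 {
		p.tries++
		return ErrBadCode
	}
	p.used = true
	return nil
}
```

The time limit on its own only narrows the window in which a phished code is useful; binding the code to the recipient and amount, and showing both in the SMS, is what stops malware on the PC from substituting its own transfer while the customer types in a code that was issued for a legitimate one.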
5. Electronic Signature (EDS)
EDS is an individually generated key used to confirm an operation. "The advantage of the digital signature is that it uniquely identifies the user. The disadvantage is that the EDS can also be vulnerable to fraudsters: attackers can get at the key by infecting the PC with malware," says Konstantin Varnin.
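A minimal EDS over a payment order, as an added example in Go (illustration code, not the article's or any bank's; the article does not say which signature algorithm Ukrainian banks use, so Ed25519, the field set of the order and the account numbers are assumptions of the example). The customer signs the order, the bank verifies it against the public key registered for that customer, and any change to the signed fields, such as the recipient account, invalidates the signature.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// PaymentOrder is the document the customer signs. Every field that matters
// to the transfer is inside it, so changing any of them breaks the signature.
type PaymentOrder struct {
	ID          string `json:"id"`
	FromAccount string `json:"from"`
	ToAccount   string `json:"to"`
	Amount      int64  `json:"amount"` // minor currency units
	Purpose     string `json:"purpose"`
}

// signingBytes is the canonical encoding both sides sign and verify.
// encoding/json writes struct fields in declaration order, so the encoding
// is deterministic for this flat struct.
func (o PaymentOrder) signingBytes() ([]byte, error) {
	return json.Marshal(o)
}

// SignOrder produces the customer's EDS over the order. In a real deployment
// priv should live on a token that never releases it; a key file on the PC is
// exactly what banking Trojans look for.
func SignOrder(priv ed25519.PrivateKey, o PaymentOrder) ([]byte, error) {
	msg, err := o.signingBytes()
	if err != nil {
		return nil, err
	}
	return ed25519.Sign(priv, msg), nil
}

// VerifyOrder is the bank's side: the order as received, the signature and
// the public key registered for this customer must agree.
func VerifyOrder(pub ed25519.PublicKey, o PaymentOrder, sig []byte) bool {
	msg, err := o.signingBytes()
	if err != nil {
		return false
	}
	return ed25519.Verify(pub, msg, sig)
}

// Results reports whether the bank accepts the genuine order, the same
// signature over an order whose recipient was swapped, and the genuine order
// checked against a different customer's key.
type Results struct {
	Genuine, SwappedRecipient, OtherCustomerKey bool
}

func RunDemo() (Results, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // the customer's EDS key pair
	if err != nil {
		return Results{}, err
	}
	// Constructed order; account numbers are placeholders.
	order := PaymentOrder{ID: "PO-1001", FromAccount: "UA00-CUSTOMER", ToAccount: "UA00-SHOP", Amount: 150000, Purpose: "order 1001"}
	sig, err := SignOrder(priv, order)
	if err != nil {
		return Results{}, err
	}
	swapped := order
	swapped.ToAccount = "UA00-MULE" // what malware would substitute in transit
	otherPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Results{}, err
	}
	return Results{
		Genuine:          VerifyOrder(pub, order, sig),
		SwappedRecipient: VerifyOrder(pub, swapped, sig),
		OtherCustomerKey: VerifyOrder(otherPub, order, sig),
	}, nil
}

func main() {
	r, err := RunDemo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine: %v, swapped recipient: %v, other customer's key: %v\n",
		r.Genuine, r.SwappedRecipient, r.OtherCustomerKey)
}
```

The signature protects only what was signed: if malware on the PC alters the order before it reaches the signing step, or copies the key file as Varnin warns, the bank still sees a valid signature. That is the argument for keeping the key on a hardware token, ideally one that shows the amount and recipient on its own display before signing.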
6. External electronic devices
To protect Internet banking, some banks use a one-time password generator that connects to the client's computer via a USB port and requires no special software. Another system uses an external electronic key that is generated on the first connection to the Internet banking system, written to external media and then used when performing operations in the system. According to the banker, these systems are a simplified version of the EDS.
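Stand-alone one-time password generators of this kind commonly implement HOTP (RFC 4226): the device and the bank share a secret and a counter, and each button press produces the next code, so nothing has to be installed on the PC. The generator's arithmetic and the bank-side check, as an added example in Go (illustration code, not the article's or any bank's; that the device is HOTP-based is an assumption, the secret is the test vector from RFC 4226 Appendix D, and the look-ahead window of three is chosen for the example):

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

const otpDigits = 6

// HOTP computes an RFC 4226 one-time password: HMAC-SHA-1 over the 8-byte
// big-endian counter, dynamic truncation to 31 bits, then the low decimal digits.
func HOTP(secret []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	offset := int(h[len(h)-1] & 0x0f)
	code := binary.BigEndian.Uint32(h[offset:offset+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// TokenRecord is what the bank stores for one customer's device: the shared
// secret (protected at rest) and the next counter value it expects.
type TokenRecord struct {
	Secret  []byte
	Counter uint64
}

var ErrNoMatch = errors.New("code matches no counter in the look-ahead window")

// VerifyHOTP accepts a code for the expected counter or one of the next
// `window` counters (the customer may have pressed the button without
// submitting a code) and then moves the counter past the value that was used,
// so a code can never be accepted twice.
func VerifyHOTP(rec *TokenRecord, code string, window uint64) error {
	if len(code) != otpDigits {
		return ErrNoMatch
	}
	for i := uint64(0); i <= window; i++ {
		candidate := HOTP(rec.Secret, rec.Counter+i, otpDigits)
		if subtle.ConstantTimeCompare([]byte(candidate), []byte(code)) == 1 {
			rec.Counter += i + 1
			return nil
		}
	}
	return ErrNoMatch
}

func main() {
	// Constructed input: the shared secret from RFC 4226 Appendix D.
	secret := []byte("12345678901234567890")
	rec := &TokenRecord{Secret: secret}
	for c := uint64(0); c < 3; c++ {
		fmt.Printf("counter %d -> %s\n", c, HOTP(secret, c, otpDigits))
	}
	fmt.Println("accept code for counter 1:", VerifyHOTP(rec, HOTP(secret, 1, otpDigits), 3))
	fmt.Println("replay of the same code:  ", VerifyHOTP(rec, HOTP(secret, 1, otpDigits), 3))
}
```

The look-ahead window is a trade-off: large enough that a few wasted button presses do not lock the customer out, small enough that guessing stays impractical. Unlike the SMS scheme, a plain HOTP code is not tied to a particular transfer, so it proves possession of the device but not what the customer intended to pay; that is the sense in which the banker calls these devices a simplified EDS.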
In addition, says Konstantin Varnin, banks use the following measures to raise the level of security:
– protection against phishing: the use of a unique image in the application's interface;
– additional restrictions on the use of a personal certificate: it is tied to only one (usually the home) PC;
– a virtual keyboard;
– limiting the duration of the client's session;
– a connection history, which lets the client check at any time which transactions have been performed on his accounts.