
[ISN] Hole punched in UK bank's security

Subject: [ISN] Hole punched in UK bank's security
Date: Tue, 25 Oct 2005 01:20:14 -0500 (CDT)
http://www.techworld.com/security/news/index.cfm?NewsID=4641

By John E. Dunn
Techworld
24 October 2005

Only days after trumpeting [1] a state-of-the-art online security
trial, UK bank Lloyds TSB has had its security systems beaten by no
more than a fake passport and a forged signature.

The identity fraud against an unnamed woman, reported at the weekend
by The Guardian newspaper [2], saw criminals empty her savings account
of a staggering £250,000 ($450,000) after presenting branch staff with
the fake documents.

The bank compounded this security disaster by refusing to explain to
her how such a fraud could have taken place. When she tried to open
another account at the same bank, she then discovered that her rating
had been "damaged" by the fraud, resulting in her request being
refused.

When Techworld spoke to the company's Internet banking director
Matthew Timms at the time of the BankSecure [3] authentication
announcement, he admitted that Lloyds TSB had seen increasing levels
of fraud in recent months.

Maintaining customer confidence was essential, he said, and "layering"  
security was one way to achieve that objective. Such a fraud
demonstrates how despite these assurances the bank's security systems
can still fail calamitously.

Although the theft did not compromise the online banking security
directly - of which the BankSecure authentication system announcement
is an experimental part - that such a fraud can occur elsewhere in the
bank's systems is bound to undermine [4] the effectiveness of such
projects.

In another case reported to The Guardian at the same bank, a customer
had £1,414 ($2,500) stolen from his current account via debit card
fraud, despite the fact the theft occurred across 20 to 30 separate
transactions.

Again, although the BankSecure authentication was not involved in this
fraud, it raises more questions about the security practices of Lloyds
TSB. Banks are supposed to have fraud detection systems, whether
software-based or using staff monitoring, to pick up unusual spending
patterns. In this instance, they clearly didn't.

Lloyds TSB were asked for comment but had not done so at the time of
going to press.

[1] http://www.techworld.com/security/news/index.cfm?NewsID=4583
[2] http://money.guardian.co.uk/weekly/story/0,16520,1597693,00.html
[3] http://www.lloydstsb.com/security.asp
[4] http://www.techworld.com/security/features/index.cfm?FeatureID=1878


