Banks Cheating at Web Security

Blogger David Berlind of ZDNet posted a relevant entry to his blog recently concerning a report card by InfoWorld on whether banks will make the federal Web security deadline.

According to an original article by Jaikumar Vijayan on Computerworld,
most banks appear to be unprepared to meet the Dec. 31 deadline for
complying with the federal security guidelines. Many of the banks are
complaining that the guidelines are not mandatory and they don’t
specify what form of strong authentication methods should be

A recent Alarmed column by CSO’s Sarah Scalet
also bemoans the fact that banks are falling short of these guidelines
and that many banks are proudly marketing authentication that falls far
short of any reliable form of online security.

Berlind’s fellow ZDNet blogger, George Ou, goes so far as to write that banks are cheating their way toward the guidelines, which list three main factors of security that need to be present.

However, Computerworld points out that many banks
are trying to get around the guidelines by adding one or two additional
factors to the most common form of online banking authentication (what
the user knows: user ID and password) and piling those items into the
authentication process.

Ou also points out that no security
expert would ever count multiple instances of “something the user
knows” as multifactor authentication.

From CSO Online.


Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek.
