I have worked in the financial services sector for 25 years, mainly in IT. The fraud scams are getting better and better. Identity theft is huge; it costs Australian banks about $100K each per month! The cost for the USA last year was almost $1 Bn. Identity theft is the fastest-growing crime.
There are many vulnerabilities, some you wouldn't even see - man in the middle, DNS poisoning, SQL embedding, URL reflection on improperly set up sites.
I am extending our company's Identity Management solution at the moment. Have a look at www.TrustDefender.com - a great and free Aussie invention to protect against URL hijacking. In this respect, unlike all other Spybot, virus scanner or firewall solutions, TD is unique (and undergoing patent application). It works by looking for URL redirection and checking whether the destination is a known financial institution (i.e. one of our 88 licensed banks in Australia) - checking that all certificates and policies match, and if they don't, applying community-based voting as to the destination of where your browser session is going. It's housed behind multiple high-end firewalls, on 4 * T3 lines (multiple gigabytes of data throughput) in a C4 (Government defence-rated secure site - retina + fingerprint + Impala key required for access).
So it does 3 things well (in real time - i.e. it adds less than half a second to your transaction):
1. Checks how up to date your protection is (firewalls, virus scanners, spybot detectors and Windows patches) and informs you of risks
2. Checks that all termination addresses' certificates match known valid sites and their certificates (impossible to fool)
3. Checks all sites against a community that votes on valid or fraudulent sites to further detect phishing attacks, and warns you if it's phishing or pharming!
I'm not affiliated in any way with this firm, but I personally think it's the ideal solution to a vexing industry problem, and I assume a Government department or major financial institution will either buy them out or co-fund them soon. Their solution is well worth a read, because within 18 months the major cards (VISA and Mastercard so far) have taken the stance to all merchants: adopt smartcards and smartcard readers, or you'll foot the bill for fraud - not us! When this happens the market will be in turmoil for a while, and some merchants may inflate costs to cover fraud.
http://www.trustdefender.com/downloa...enderSetup.exe
PS
If you're a victim, the Banking Act allows you to repudiate ANY payments by card for at least 90 - 120 days for any of the following reasons: not my transaction, not the goods I ordered, goods not of acceptable quality. Once you write to the merchant and they refuse a refund, you are entitled to contact your card provider and say "I repudiate this payment and have requested that the goods be refunded." By law they must then deal with the merchant on your behalf, and you are protected: it's a single merchant vs. the might of a major international card issuer having to comply with the Banking Act as enforced in Australia.