Our Program

News :-

Banks Warned Against On-Line Fraud Dangers :-

By Mark Felsenthal

WASHINGTON (Reuters) - U.S. banks should use more than a single password to identify on-line customers to prevent fraud, bank regulators said on Tuesday in recommendations that underscore growing concern about theft over the Internet.

"Financial institutions' wider adoption of electronic payment systems, as well as the increasing number of customers using these services, have produced greater opportunities for electronic fraud," the Federal Deposit Insurance Corp. said in a study, "Putting an End to Account-Hijacking Identity Theft."

The unauthorized use of personal information to break into bank accounts, which regulators refer to as account hijacking, is one of the fastest growing forms of electronic fraud, regulators said.

Almost 2 million Internet users experienced fraud of this type in the 12 months ending in April 2004, the agency said.

Fraud perpetrators get bank customers' personal information by cracking computer codes, stealing documents, looking over people's shoulders, or getting bank employees to provide the data, the regulator said.

Thieves also trick customers into providing personal data by posing as an official source -- a practice known as "phishing."

Internet companies, including EarthLink Inc. (ELNK.O: Quote, Profile, Research) , Microsoft Corp. (MSFT.O: Quote, Profile, Research) and America Online Inc. (TWX.N: Quote, Profile, Research) and law-enforcement agencies said last week they will work together to track down online scam artists who pretend to be banks and other legitimate businesses in "phishing" attacks.

Regulatory agency FDIC said banks should rely on multiple tests to identify an on-line customer.

"The main problem with single-factor identification is that passwords, the most commonly used factor, are often easy to steal, guess, or crack and, once a password is compromised, the thief has the same access rights as the legitimate user," the agency said.

Institutions should also invest in software that scans Web sites for indications banks or their customers are the targets of information thieves, the agency said.