ING hopes to cut phishing attacks with encryption software

By Robert Westervelt, News Editor 21 May 2008 | SearchFinancialSecurity.com

Enterprise IT news roundup Digg This!     StumbleUpon     Del.icio.us

Alarmed by the growing number of malware threats such as phishing, pharming and man-in-the-middle attacks, ING Direct is offering free identity theft software designed to give customers a direct connection when they sign into their accounts.

We're hoping this will help us avoid untold amounts of damage not only to us from fraud losses but also to the consumer and that's what's important. Robert Weaver, head of IT security, ING Direct

Trusteer Rapport software will be used to create a secure pipeline between the customer and the bank. It protects all information flowing between the computer and the ING Direct website. The free download is currently available to a limited number of customers, but the bank plans to make it widely available this summer.

It took virtually no investment from ING to offer the software to customers, said Robert Weaver, head of IT security at ING Direct in the U.S. No additional infrastructure was needed to support the software, he said. The only investment needed was to create the marketing materials, Weaver said.

"We're working with Trusteer because this is new technology and we've been providing a lot of input," Weaver said. "In the end any investment we make definitely has a return on that investment because we don't want our customers to go through identity theft."

ING has the ability to detect a customer using the software and could feed the information into the company's risk-based transaction monitoring system, Weaver said.

The software has been in production for about eight months, according to Trusteer CEO, Mickey Boodaei. It was first deployed by New York-based brokerage, Muriel Siebert & Co., Inc. The software contains no spyware, he said. Neither ING Direct nor Trusteer collect any customer information using the software.

Phishing attacks: Phishers targeting smaller financial firms, credit unions: Financial institutions remain a target of phishing attacks, but it's no longer just the biggest firms that are under assault. Fortunately, companies are finding ways to fight back. New phishing, Zeus Trojan technique spreads crimeware: Researchers are tracking new phishing methods that steal a victim's information and spread a Trojan designed to pilfer even more data. Researcher warns of new do-it-yourself phishing program: FaceTime malware research director Chris Boyd says his team has been trying with mixed results to take down a new do-it-yourself phishing program they found online.

It also won't slow the computer, Boodaei said. Like traditional antivirus software it runs in the background of the computer, but its approach is different in that it doesn't try to detect and remove malware from the desktop. When a customer logs into ING Direct to view their account information, the software controls all the API calls of the operating system, making sure that when the user interacts with the website, malware won't be able to interact with the transaction. It also encrypts all information typed by the customer from the keyboard all the way to the network adapter and authenticates with the website to make sure it is not a phony site.

"The purpose is to hide this information from any possible malware on the consumer's desktop," Boodaei said.

ING Direct has the ability to push out policy updates to users. A software update with new features and fixes will be released every couple of months, Boodaei said. Eventually Boodaei hopes to get more banks to register for the Trusteer service and broaden the protection to more customers. Software users can also protect data exchanging with three other websites of their choice. Customers will have the option to upgrade the software, giving them the ability to protect more websites.

"We're hoping this will help us avoid untold amounts of damage not only to us from fraud losses but also to the consumer and that's what's important," said ING Direct's Weaver. "We want to make them feel safe banking online."

Tags: Spam, phishing and social engineering attacks,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Spam, phishing and social engineering attacks Research reveals success rate of phishing attacks Notorious spammer sentenced in stock fraud scam Judge rejects TD Ameritrade breach settlement FDIC warns of bogus emails Two Romanians suspected in phishing scheme extradited to U.S. Social engineering tests should make sense, not headlines Zeus Trojan hitting banking customers hard Five considerations for choosing network access control products Proposed expansion of top-level domains generates security concerns Online scammers exploit bank brands and consumers' financial woes

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary