For more than a decade criminals have been attacking online banking successfully by one upping security professionals their and clients by creating viruses to bypass existing security measures.

In response security companies offer new technologies to fight new threats and federal regulators have continually updated their compliance rules in response to existing vulnerabilities.

However one variable that technology has yet to fully fix is the human element. Sure many of the existing security technologies help protect the consumer and bank from human error like downloading a virus or social engineering tricks like clicking an infected link and alert us to a phish email. But no technology or even security or privacy policy can prevent someone from exposing all their life’s details on a social media site.

When criminals target an organization like a bank they start by looking for vulnerabilities in the network infrastructure. Beyond that they target the employees of a bank and their customers using the information provided on the corporate site, and via social media.

Once they gather enough information about their target they use that data to circumvent all the security technologies meant to prevent a user from downloading a virus or social engineering tricks like clicking an infected link and alert us to a phish email.

This is where banks need to step it up and incorporate complex device identification. iovation, an Oregon-based security firm, goes a step further offering Device Reputation, which builds on complex device identification with real-time risk assessments, the history of fraud on groups of devices, and their relationships with other devices and accounts which exposes fraudsters working together to steal from online businesses.

Robert Siciliano, personal security and identity theft expert contributor to iovation. He is the author of 99 Things You Wish You Knew Before Your Mobile was Hacked! See him knock’em dead in this identity theft prevention video. Disclosures.

Be Sociable, Share!