By Mark Felsenthal
WASHINGTON (Reuters) - U.S. banks should use more than a single
password to identify on-line customers to prevent fraud, bank
regulators said on Tuesday in recommendations that underscore growing
concern about theft over the Internet.
"Financial institutions' wider adoption of electronic payment systems,
as well as the increasing number of customers using these services,
have produced greater opportunities for electronic fraud," the Federal
Deposit Insurance Corp. said in a study, "Putting an End to
Account-Hijacking Identity Theft."
The unauthorized use of personal information to break into bank
accounts, which regulators refer to as account hijacking, is one of
the fastest growing forms of electronic fraud, regulators said.
Almost 2 million Internet users experienced fraud of this type in the
12 months ending in April 2004, the agency said.
Fraud perpetrators get bank customers' personal information by
cracking computer codes, stealing documents, looking over people's
shoulders, or getting bank employees to provide the data, the
regulator said.
Thieves also trick customers into providing personal data by posing as
an official source -- a practice known as "phishing."
Internet companies, including EarthLink Inc., Microsoft Corp. and
America Online Inc. and law-enforcement agencies said last week they
will work together to track down online scam artists who pretend to be
banks and other legitimate businesses in "phishing" attacks.
Regulatory agency FDIC said banks should rely on multiple
tests to identify an on-line customer.
"The main problem with single-factor identification is that passwords,
the most commonly used factor, are often easy to steal, guess, or
crack and, once a password is compromised, the thief has the same
access rights as the legitimate user," the agency said.
Institutions should also invest in software that scans Web sites for
indications banks or their customers are the targets of information
thieves, the agency said.
NOTE: For more telecom/internet/networking/computer news from the daily
media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra . New articles daily.
*** FAIR USE NOTICE. This message contains copyrighted material the
use of which has not been specifically authorized by the copyright
owner. This Internet discussion group is making it available without
profit to group members who have expressed a prior interest in
receiving the included information in their efforts to advance the
understanding of literary, educational, political, and economic
issues, for non-profit research and educational purposes only. I
believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S. Copyright Law. If you wish
to use this copyrighted material for purposes of your own that go
beyond 'fair use,' you must obtain permission from the copyright
owner, in this instance Reuters News Service.
For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml