Tuesday, February 24, 2009

To Certain The Uncertainties

Dear Valued Customer,

The management of Maybank regrets to inform you that your account will be blocked for security reasons as we discovered a serious problem with your account and system security.

Reactivate your account now by following the below secured location. Please click here. 
Inactive accounts will be terminated within 2 hours of notice. We are sorry for any inconvenience caused.

Sincerely,

Maybank Berhad.

Online banking? Yes, it's convenience. Answered an impostor :-)

I bet at least once, you have received similar phishing email camouflaged as a trustworthy entity attempting to acquire your username and password. Of course you will not be fooled and will not “reactivate” your account as told.  Although the success rate is extremely low, to lure the unsuspecting, a phishing kingpin, Valdir Paulo de Almeida (finally arrested in Brazil for leading one of the largest phishing crime rings), in two years have stolen between US$18 million and US$37 million.

Terms & Conditions: Take It or Leave It!
For banks, they’re pretty safe because account holders are forced to accept terms and conditions set by the banks and risk themselves for any fraudulent of account-theft, free the bank from any liability even on the imitation webpage which look exactly the same like the one the legitimate bank offers. The bank manager explains, “You shouldn’t reveal your username and password to anyone at anytime and at any circumstances.” By that, the bank confirms it’s your fault, and you have to accept your fate of losing your money that they kept.

My last topic “Killer and Numbered Account” brought up a question. For numbered accounts, is there any possibility to implement biometrics verification such as FingerTec OFIS as an added security feature to prevent account-theft? 

FingerTec OFIS (System Diagram) 

The answer is apparent, a NO. Even if the Swiss banks agreed to adopt biometrics identification, the approvals of account holders are impossible to obtain because anonymity is a privilege in these banks.
How about ordinary people who wish to keep their hard-earned money safe in the banks? If a bank wished to embed fingerprint modules to enhance security in their ATM machines or offered a fingerprint device such as FingerTec OFIS to customers to verify their identity before making any transaction online, of course I would contemplate on the idea of whether FingerTec got the job or not. 

Secure The Customers, Not The Money
Why are the banks still adamant not to improve their security systems although the account-theft have cost multimillion-dollar losses every year whereas the state-of-the-art technology is available in the market? The only viable explanation to this is the fact that the loss is on the expense of customers, not the bankers.

Online banking is definitely a current trend in banking. You’re not required to physically appear at the bank to withdraw money from your own account or to do transfers, paying bills, buying shares, and etc; all the transactions are done remotely by typing a set of alphanumeric codes on a keyboard. Do you feel safe?

An earlier famous quote for the Internet era, “On the Internet, nobody knows you’re a dog.” Yes, it is possible to train a smart robotic dog likes AIBO to sit behind a computer to steal money from your bank. :-)


To certain the uncertainties, this is the challenge for remote identity verification system. And the FingerTec OFIS (Online Fingerprint Identification System) is the ideal logical access control  solution to prove that that is actually a real human being with confirmed identity doing the transactions from a remote site. 

by Teh Hon Seng, CEO, FingerTec HQ

No comments: