Today, single factor authentication, e.g. passwords, is no longer considered secure in the internet and banking world. Easy-to-guess passwords, such as names and age, are easily discovered by automated password-collecting programs. Two factor authentication has recently been introduced to meet the demand of organizations for providing stronger authentication options to its users. In most cases, a hardware token is given to each user for each account. The increasing number of carried tokens and the cost the manufacturing and maintaining them is becoming a burden on both the client and organization. Since many clients carry a mobile phone today at all times, an alternative is to install all the software tokens on the mobile phone. This will help reduce the manufacturing costs and the number of devices carried by the client.
By
Chintan Vyas, L2 , Zeenuth Infotech Ltd.
| 01 28 2011 21:52:33 +0000
Mr. Mittal, I think you should put up some article (separate from this discussion) on TS knowledge base/discussion for bank implementation. I am a HDFC online customer & I am not aware of any such implementation. Would be interested to know more & I think other people would also like to know it, so they can switch bank if the implementation is a real differentiator.
By
Sanjay Arora, CEO/MD/Director, Videh International Pvt. Ltd.
| 06 29 2010 12:07:19 +0000
Building additional security measures always help, and in that I agree with Mr. Arora. In India, Bank of India is doing it correctly... protecting the entire connection pipe to its' customers using StarToken - which also includes SMS OTP (mobiles) as additional authentication. Other banks like Union Bank, HDFC, Bank of Baroda have 2FA, but whether they protect or not is anybody's guess... SBI had to wait till a fraud on their secure iBanking took place in May.
By
Shaillender Mittal, Director Sales, Uniken Solutions
| 06 29 2010 11:06:11 +0000
I will go with V.Srinivas and his tips in this post. apart from what he has mentioned, one should use Private Browsing facility (Available in Firefox and many other Anti-Virus also provide this facility to use Private Browsing in your Browsers). Private Browsing doesn't remember or keep username, password, site visited etc...informations in your Browser, making it safer to use for financial transactions. Run a good History Cleaner ( CC Cleaner or like) before & after the transactions Internet Banking is not absolutely safe, but we can make it Safer & better as this is the future of banking Cheers!
By
Veejay Bhatia, Administration Manager / Recruitment Coordinator, French Firm dealing in Oil & Gas, Dubai (UAE)
| 05 13 2010 14:15:34 +0000
As I work in customer service of a Bank I know most of the cases where there is misuse of the online account is due to the fact that people unknowingly part with there information. The hacker stealing your information is a very rare incidence (I have not come across even one such case). I use online baking for al my transactions.
By
Mohammad Ali Colombowala, Service/Maintenance Supervisor, Citibank
| 05 09 2010 15:27:17 +0000
Not absolutely, but reasonably safe. as a retiree, i do all my banking transactions, and stock transactions onthe net. rules are simple:- 1. use only a secure PC. do not do this at PCOs and parlours. 2. get the PC scanned and swept on a daily basis. 3. ALL banks now have the facility of "virtual keyboard" Use it. I use it even for entering my login name. 4. some banks have a double security by sending you a timed code on your mobile for authentication- opt for it 5. change passwords regularly- one bank of mine wants in every 14 days.
By
V. Srinivas, Freelancer, Information Technology
| 05 09 2010 06:19:03 +0000
Not absolutely, but reasonably safe. as a retiree, i do all my banking transactions, and stock transactions onthe net. rules are simple:- 1. use only a secure PC. do not do this at PCOs and parlours. 2. get the PC scanned and swept on a daily basis. 3. ALL banks now have the facility of "virtual keyboard" Use it. I use it even for entering my login name. 4. some banks have a double security by sending you a timed code on your mobile for authentication- opt for it 5. change passwords regularly- one bank of mine wants in every 14 days.
By
V. Srinivas, Freelancer, Information Technology
| 05 09 2010 06:14:19 +0000
One cann't say whether Online banking is safe or not. It depends how secure nework u r using while transactions. Normally office networks are secured with Firewalls but at home or Cyber Cafe we donot use any Firewalls or other security machenism (such as - VPN), during transactions.
Public computers are not safe for such transactions due to risks of Spywares, worms, Keyloggers, Trojan-Horses etc. Hence, suggest try to use online banking from your office networks if u r comfortable or scan ur PC's regularly with updated Anti-virus definitions and avoid using USB-drives from unreliable sources, also donot share ur USB-drives to avoid risks of viruses.
As far as technology is concerned that is being used at service providers end, now a days 128-bit(RSA Public Key Cryptography) encryption is used for securing connections. This algorithm is in-built in the Web-browser ( IE, Firefox, Netscape...). But we cannot say that our transactions are safe considering the above scenarios.
Be sure not to use any of the public computers, scan ur PC's/Laptop's regularily with updated definitions, inform ur IT-Dept for any suspect found in ur office PC/Laptop, avoid using shared storage or mass media...
At last - Every technology has some merits and de-merits we have to understand and help out technology every time to ease our life.
By
Arpan Manu, System Engineer, Leading IT Solutions
| 05 09 2010 03:57:57 +0000
I agree with you Mittal....... No doubt that Indian have taken to online banking. And it's easy to see why virtual banking is easy to use, efficient and available around the clock, putting fund transfers and bill paying at our fingertips. As compared to the earlier days, the system has changed and there are many security measures taken by the banks...... So SAFE !!!
By
Anita Sawant, M & A Advisor, SBI Caps
| 05 08 2010 07:15:02 +0000
Most of the Banks focus only on implementing security measures at their end. Internet (which is the medium of connecting the Internet banking Service and the customers), is not governed by anyone, or a government or banks or a regulatory body. Anyone can open a website, anyone can give any IP address to their servers, and more so, anyone can buy a SSL certificate for their own domain, and then mask the subdomains to "read" similar to authentic bank websites. Democracy at its' best!
The customer's PC, which is the device connecting to the Internet Banking Service, and the channel used (The Internet) are not under the Bank's control. If they are insecure, then implementing any security measure at the Bank's side will be rendered useless.
By
Shaillender Mittal, Director Sales, Uniken Solutions
| 05 07 2010 08:10:37 +0000
|
We all have heard about phished SSLs - these are secured connections, not with the banks, but with the hackers...How easy it is to get a SSL today! A hacker establishes a secure connection with you, and then with the bank, all the time making you believe that you are in fact connected with the bank.. We have read reports of Sitekeys (used by HDFC in India and BoA) vulnerable to sophisticated MITM attacks... And then the good old trojans and keyloggers, which bypass the security of virtual keyboards and corporate firewalls/anti virus. In order to protect any web transaction completely, what I believe more important is not to have only 2FA, but to extend the security cover to having end-point integrity, secured channel and 2FA. The safest I have seen and what has also worked with technologists in India and other countries is mutually authenticating the connection before any credentials are exchanged, which can be used for frauds later. If we have mutually authenticated first, then there is no way a hacker/MITM or phishing can occur. Isn't this a smarter way than to deploy expensive 2FA solutions only to be hacked later! And an impressive alternate to constant anti-phishing services.
By
Shaillender Mittal, Director Sales, Uniken Solutions
| 06 29 2010 11:02:44 +0000
Not only India, but its not safe across all the countries. Hackers are always one step ahead of the security. Moreover one has to take many precautionary steps to access internet safely. Which is not always possible, you may forget to update your antivirus, you may be using unsecured internet etc., I don't have/know a best possible solution, but all the nations must discuss and put standards in place.
By
Ravi , IT PMO, Cricket Communications
| 05 09 2010 03:21:49 +0000
|
