When Which? Computing asked me to help evaluate online banking services, I expected to find very similar results amongst the ten banks they selected. However, as their press release says, there were some pretty big differences. Although we only looked at the visible security measures in place, some banks appeared to offer little to help defend against simple keyloggers.
I know that there are some sophisticated banking Trojans around, using man-in-the-browser attacks, but surely that's not an excuse to ignore defending against simpler malware and physical keyloggers?
Obviously banks need to balance good security against usability, being concerned that consumers may be put off by complex authentication processes. But with the vast increase in the number of Trojans, and more and more people using public WiFi and shared computers, Barclays' approach of using a PINsentry device seems like the most secure option.
1 year ago