When Which? Computing asked me to help evaluate online banking services, I expected to find very similar results amongst the ten banks they selected. However, as their press release says, there were some pretty big differences. Although we only looked at the visible security measures in place, some banks appeared to offer little to help defend against simple keyloggers.
I know that there are some sophisticated banking Trojans around, using man-in-the-browser attacks, but surely that's not an excuse to ignore defending against simpler malware and physical keyloggers?
Obviously banks need to balance good security against usability, being concerned that consumers may be put off by complex authentication processes. But with the vast increase in the number of Trojans, and more and more people using public WiFi and shared computers, Barclays' approach of using a PINsentry device seems like the most secure option.