iTrax's  Instablog

iTrax
Send Message
EXPERIENCE - KNOWLEDGE - INTEGRITY: 25 years of experience in media production; newspaper, magazines, radio, tv, web-publishing, multimedia and corporate communications . Also experienced in starting new business, management and consulting. Areas of expertice: Economic- and financial journalism,... More
My company:
H5F communications Ltd.
My blog:
RATIONAL ARROGANCE
My book:
Toppsjefen
  • Gigant Social Media Security Hole In Banking 0 comments
    Feb 26, 2013 6:55 AM

    Did you know that you can log into an American online banking service from outside the US, using only your Facebook log-in credentials? Well, now you do. And so does about a million criminal hackers from around the world…

    "That's the very, very, very risky thing about social networks. The idea of using them as an authentication platform really has its drawbacks. I really think it's a bad idea."

    Dr. Ken Baylor

    (click to enlarge)

    Facebook and access to millions of people through a single social login process . All customers right there on the platform. And aid in registering and creating new online accounts. This "dream of a bank marketer's" may soon turn into a horrible nightmare for the decision makers in the international banking industry.

    I have suspected for a while that this may be the case:

    But, last week it was confirmed through an article written by the banking industry itself and published on their own website, AmericanBanker.com.

    Not the fact that some banks have already started to allow users to access their bank accounts with a Facebook account as the only form for identification, but the fact that any breach of security that a user encounters on social networks could potentially spread to that person's online bank account, and from there, leak into to highly connected global system of online banking.

    According to vice president at information security research and advisory company NSS Labs. Dr. Ken Baylo, the social networking as an authentication factor have "just proven to be highly susceptible to malware, multiple times."

    Additionally. many unsophisticated users wouldn't't think twice about clicking on a malicious link, making it particularly enticing for criminals hackers.

    "That's the very, very, very risky thing about social networks," says Dr. Ken Baylor.

    "The idea of using them as an authentication platform really has its drawbacks. I really think it's a bad idea."

    "Banks outside the US are starting to allow direct access to online banking through Facebook and that's where there should be a concern about Facebook hacking," says Nicole Sturgill, research director in the cards and retail banking practice at CEB Towergroup.

    "Facebook should be used as a gateway to online banking, but there should be an extra layer of security. No one should be able to log in to online banking with nothing but their Facebook ID and password," Nicole Sturgill says.

    Most banks in the US, though, are still just using Twitter and Facebook for marketing and customer service messaging, rather than as a portal to online banking,

    Massive Gang Attacks

    Facebook, Twitter, Apple (AAPL) and at least 40 other companies were recently victim of the efforts of a band of high-tech criminals from Eastern Europe, according to Bloomberg.

    Twitter said in early February that 250.000 of its users' passwords may have been compromised.

    In addition, high-profile hacks of the branded Twitter accounts of Burger King and Jeep show just how vulnerable social media identities are.

    In the Burger King case, hackers changed the logo on the company's Twitter page to the McDonald's logo and spread false information that the fast food chain had been sold to McDonald's.

    Linkedin isn't much safer - the professional's social network has also endured attacks recently that have compromised millions of users' passwords.

    Last week, Facebook said it was targeted by thieves that loaded malicious software onto employees' computers directly through a compromised developer website.

    Over the weekend we've also come to learn that tech giants like APPLE and Microsoft are amongst the victims.

    But all of them claims that their users data have not been compromised.

    Now, do you believe that?

    Playing the Risk Game

    You better make up your mind pretty soon, because the banks are just doing what they think they do best:

    Calculate risks.

    "The use of a social sign-in is twofold. One, it expedite the process of sign-in because it's a common platform. Secondly, we can use the Facebook identity to expedite, because we can draw information out of the profile, also we actually use it as part of the identity check." says fintech entrepreneur Brett King,

    In addition to Facebook, banks are also planning to allow people to tie their bank accounts directly to Twitter.

    "The benefits, for us, outweigh the potential risk," says King.

    "The fact is that Facebook's login platform is still magnitudes more robust than most Internet banks."

    What!?

    May I remind you that it is, in fact, Facebook that is getting hacked all the time!

    And most Internet banks are more vulnerable?

    "The more I look at Facebook's authorization and reliance on open standards for encryption, and then compare to some existing bank credential code, I am fairly convinced that large fintech providers aren't necessarily doing any better job in physically coding and securing authorization than many of the social sites," says Bradley Leimer, who heads the digital channel strategy for Northern California-based Mechanics Bank, in an email to American Banker.com.

    "Which means it is only a matter of time before we see larger scale breaches - all of it is testing our networks, I'm actually amazed we don't have more breaches that involve account data."

    This is just getting better and better….

    And Hedging the Risk

    Bankers need to make those risk decisions for themselves, says senior vice president of corporate development at digital direct marketing agency, New Control, and author of the Bank Marketing Strategy blog, Jim Marous.

    "I think this is all uncharted territory. It's one thing to have a small or a midsize bank overseas use Facebook sign-on or Twitter sign-on," he says. "But I think you move the needle exponentially when you talk about a large bank in the US doing this where there is more risk."

    According to fintech specialist Brett King at the financial servicer, Moven, they are now working on plans to hedge against cyber crime by requiring multi-factor authentication any time someone wants to move cash, that includes an additional PIN number and a one-time password.

    I really hope someone over there at Moven will remind Mr. King about the fact that he also have the option to hedge against cyber crime by buying some stocks in some IT security company…or short-sell his own….it's called "delta hedging"….look it up….

    Anyway - bankers need to make those risk decisions for themselves, says Jim Marous, a senior vice president of corporate development at digital direct marketing agency New Control, and author of the Bank Marketing Strategy blog.

    "I think this is all uncharted territory. It's one thing to have a small or a midsize bank overseas use Facebook sign-on or Twitter sign-on," he says. "But I think you move the needle exponentially when you talk about a large bank in the US doing this where there is more risk."

    AmericanBanker.com finally writes that an inquiry had been sent to Facebook's press office seeking comment was not immediately answered, a tweet sent to Twitter was not answered, either. And, an email sent to LinkedIn also received no response.

    I have a strong feeling that the AmericanBanker have been asking the wrong people the wrong questions in a very wrong way…

    READ THE FULL AMAZING STORY @ AMERICANBANKER

    Related by the econoTwist's:

Back To iTrax's Instablog HomePage »

Instablogs are blogs which are instantly set up and networked within the Seeking Alpha community. Instablog posts are not selected, edited or screened by Seeking Alpha editors, in contrast to contributors' articles.

Comments (0)
Track new comments
Be the first to comment
Full index of posts »
Latest Followers

StockTalks

More »

Latest Comments


Instablogs are Seeking Alpha's free blogging platform customized for finance, with instant set up and exposure to millions of readers interested in the financial markets. Publish your own instablog in minutes.