Hackers outwit online banking identity security systems

Criminal hackers have found a way round the latest generation of online banking security devices given out by banks.

After logging in to the bank's real site, account holders are being tricked by the offer of training in a new "upgraded security system".

Money is then moved out of the account but this is hidden from the user.

Experts say customers should follow banks' official advice, use up-to-date anti-virus software and be vigilant.

Devices like PINSentry from Barclays and SecureKey from HSBC - which look a lot like calculators - ask users to insert a card or a code to create a unique key at each login, valid for around 30 seconds, that cannot be used again.

This brought a new level of online banking security against password theft.

The additional line of defence provided security even if a user's computer along with any password information was hacked, and they still offer the best level of protection available against online banking fraud.

While these chip and pin devices make the hackers' job more difficult, the hackers themselves have raised their game.

A test witnessed as part of a BBC Click investigation suggests even those with up-to-date anti-virus software could be at risk.

There is no specific risk to any one individual bank.

Man in the Browser attack

In the test the majority of web security software on standard settings did not spot that a previously unseen piece of malware created in the software testing lab was behaving suspiciously.

The threat does not strike until the user visits particular websites.

Called a Man in the Browser (MitB) attack, the malware lives in the web browser and can get between the user and the website, altering what is seen and changing details of what is being entered.

More Information from Source:BBC News