March 10, 2005 12:01 PM PST
British banks in talks to fight ID theft
- Related Stories
Senator predicts 'overdue' changes to privacyMarch 10, 2005
Customer data stolen from footwear retailerMarch 10, 2005
Net crimes and punishmentMarch 9, 2005
Phishers using DNS servers to lure victims?March 8, 2005
eBay scrambles to fix phishing bugMarch 4, 2005
E*Trade adopts additional security for tradersMarch 1, 2005
Finding a replacement for passwordsFebruary 23, 2005
Security means business at RSAFebruary 18, 2005
RSA Security has been in discussions with all of the major U.K. banks about providing them with better security for their customers, the company said on Thursday. Although U.K. banks have been slow to take up increased security measures, RSA said they are now close to acting on identity theft.
"We are in conversations with all of them," said Tim Pickard, marketing director at RSA Security, speaking at the CeBit trade show here. "It's an issue that's on all their minds. I expect you will see them move this year."
Last year, Howard Schmidt, the former cybersecurity advisor to the White House and chief security officer at eBay, called on online businesses to implement stronger authentication for their customers' security. Some banks in Norway are already taking the issue seriously by generating one-time tokens to authenticate the identity of customers.
As yet, it is unclear how much money has been stolen through Internet identity theft. Next month, the Association for Payment and Clearing Services is scheduled to release a report that should give more details on the extent of the problem.
Pickard added that phishing attacks are likely to rise dramatically later this year, because fraudsters in China are creating huge databases of e-mail addresses and identities.
"China and South Asia is likely to come online soon with phishing scams. They (phishers) are building databases to launch phishing attacks," Pickard said.
Phishing schemes typically use e-mail messages that look like they come from a trusted service provider to dupe people into visiting a malicious Web site. The fraudulent site appears to be legitimate, but has been set up to steal the victim's personal information, such as a credit card number, which could then be used to commit identity fraud.
Dan Ilett of ZDNet UK reported from Hannover.