Advertisement
Promo

Security threats Toolkit

Security calamity shakes US banks

Will Knight ZDNet.co.uk

Published: 25 Sep 2000 09:15 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A UK-based computer expert has reported breaching security at some of the biggest Internet banks in America, gaining control of thousands of personal bank accounts.

In the most serious Internet security incident to hit financial companies yet, Ralph Dressel, a software engineer with the Royal Skandia Investment bank, told the Observer that he was able to transfer funds and alter PIN numbers belonging to whole databases of unknown users.

Dressel says he gained access to these accounts after stumbling across an access log at the Web site belonging to Fiserv, the software firm which provides the banking software for many US banks. Dressel contacted the FBI along with police in Britain and informed the national press in Britain in order to publicise the security incident. Lots of banks worldwide use Fiserv software, including the UK's Abbey National.

Prudential's online bank Egg also uses Friserv banking software although this is not accessible via the public Internet and so was not exposed by this incident. According to Egg's chief technical officer Pete Marsden this dire exposure of bank details demonstrates the importance of auditing not just internal security. "A third party's security has to be as strong as your own. Any online organisation has to make sure of this," he says.

Senior security analyst with Information Risk Management Richard Stagg agrees that this should be standard security procedure. "Quite often you will find companies that want to be secure are let down by outsourcers," he says. "You're only as secure as your weakest link."

Fiserv estimates that its software is used to control 200 million accounts online and $15bn (£9.3bn) of customers' money. This enormous security breach overshadows most other recent security incidents and will undoubtedly confirm fears over Internet banking security sparked by more minor mishaps. Last month, Prudential's Internet bank Egg was last month the target of fraud and Barclays bank accidentally allowed customers to gain access to other users' accounts.

Are Internet banks a security risk? To have your say online click on the TalkBack button and go to the ZDNet News forum.

Let the editors know what you think in the Mailroom. And read what others have said.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
24 out of 74 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:









Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Video icon

Video

Sentry Posts Blog

McKinnon lawyers seek judicial review

Lawyers seeking a judicial review for Nasa hacker Gary McKinnon lodged fresh evidence of his psychiatric state at the High Court on Thursday. Karen Todner, McKinnon's solicitor,... More

1 comment

Beware of keeping your head in the clo...

Information security professionals can look forward to a deepening appreciation for their skills as security continues to be recognised as an essential element for doing business in... More

1 comment

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters