Premier Energy Security
Networking Organization

  Security News
  Posted on: Monday, December 12, 2011
Cyber Information
   
 

Internet bank account hacking has now spread to the RBI's much-hyped One Time Password (OTP) security system. With few banks adopting OTP for online and credit card transactions, incidents of hacking have already been reported from Mumbai and Kolkata.

Cyber security analysts say there are multiple risks involved in the OTP system. A mobile service provider can reissue a SIM card if it is not used for 3 months, and a hacker can also obtain a duplicate SIM card by producing fake identification documents. In one such case of hacking in Kolkata, the fraudsters approached the mobile service provider with a fake voter's ID of the bank customer and obtained a SIM card. The complainant has filed an adjudication application.

"The OTP has exposed the vulnerability of mobile phones in internet banking. While there is talk about poor 'know your customer' (KYC) procedure in the banking sector, we should not forget that KYC is equally weak in the mobile phone sector. In the Kolkata case, by the time the fraudster managed to obtain a duplicate SIM card, the original customer's mobile phone was de-activated and even before he came to terms with the fault, the transaction had happened from his account," cyber security adviser N.A. Vijayashankar said.

In another case, a customer who had an online account went abroad, and his attempts to de-register his account were in vain as the bank demanded his physical presence. Here again, his mobile number may get re-issued to a different customer by the mobile service provider. "Even if none of these compromises take place, hacking is still possible as fraudsters have been using malware which these measures cannot thwart. Banks verify only login verification and not transaction verification. In the US, the Federal Financial Institutions Examination Council (FFIEC) issued supplementary guidelines this June stating that OTP is vulnerable and explicitly stating that transaction data verification should be done.

"Banks in our country can go for the next-generation technology which can guarantee both login and transaction verification," said Mr Mohan Sundaram, CEO of Red Force Lab, a firm that deals with cyber security solutions.

System Analyst IV
(HRISC) - Fusion Center / Houston Police Department
Criminal Intelligence/Homeland Security Division
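
The difference between login verification and transaction data verification described in the article can be shown in a few lines. This is an added example, not code from the article or from any bank: `login_otp` is standard HOTP (RFC 4226), while `transaction_otp`, its message layout, the payee names and the amounts are assumptions constructed for illustration. It also assumes the code is computed on a device where the customer sees the payee and amount.

```python
import hashlib
import hmac
import struct

def _truncate(mac: bytes, digits: int = 6) -> str:
    # Dynamic truncation as defined in RFC 4226, section 5.3.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def login_otp(key: bytes, counter: int) -> str:
    # Plain HOTP: the code depends only on the shared key and a counter.
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(mac)

def transaction_otp(key: bytes, counter: int, payee: str, amount_minor: int) -> str:
    # Hypothetical binding: payee and amount are MACed together with the counter.
    payee_raw = payee.encode("utf-8")
    msg = struct.pack(">QH", counter, len(payee_raw)) + payee_raw
    msg += struct.pack(">Q", amount_minor)
    return _truncate(hmac.new(key, msg, hashlib.sha256).digest())

def accepts_login_only(key, counter, code, executed_tx) -> bool:
    # executed_tx is never consulted: the bank checks the code, not the transfer.
    return hmac.compare_digest(login_otp(key, counter), code)

def accepts_transaction_bound(key, counter, code, executed_tx) -> bool:
    # The bank recomputes the code over the transfer it is about to execute.
    payee, amount_minor = executed_tx
    return hmac.compare_digest(transaction_otp(key, counter, payee, amount_minor), code)

# Constructed sample data (not from the article).
KEY = b"12345678901234567890"                 # RFC 4226 test key
INTENDED = ("PAYEE-ELECTRIC-001", 150_000)    # what the customer approved
TAMPERED = ("PAYEE-UNKNOWN-999", 9_500_000)   # what a compromised browser submits

def demo() -> dict:
    otp = login_otp(KEY, 0)
    signed = transaction_otp(KEY, 0, *INTENDED)
    return {
        "login_only_accepts_tampered": accepts_login_only(KEY, 0, otp, TAMPERED),
        "bound_accepts_intended": accepts_transaction_bound(KEY, 0, signed, INTENDED),
        "bound_accepts_tampered": accepts_transaction_bound(KEY, 0, signed, TAMPERED),
    }

if __name__ == "__main__":
    print(demo())
```

A code bound to the transaction data is only as strong as its delivery channel: it addresses the malware case the article raises, not the duplicate-SIM case, where the channel itself is taken over.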




 

 Energy Security Council - Copyright 2008