Did you know that you can log into an American online banking service from outside the US, using only your Facebook log-in credentials? Well, now you do. And so does about a million criminal hackers from around the world…
“That’s the very, very, very risky thing about social networks. The idea of using them as an authentication platform really has its drawbacks. I really think it’s a bad idea.”
Dr. Ken Baylor
I have suspected for a while that this may be the case:
But, last week it was confirmed through an article written by the banking industry itself and published on their own website, AmericanBanker.com.
Not the fact that some banks have already started to allow users to access their bank accounts with a Facebook account as the only form for identification, but the fact that any breach of security that a user encounters on social networks could potentially spread to that person’s online bank account, and from there, leak into to highly connected global system of online banking.
According to vice president at information security research and advisory company NSS Labs. Dr. Ken Baylo, the social networking as an authentication factor have “just proven to be highly susceptible to malware, multiple times.”
Additionally. many unsophisticated users wouldn’t think twice about clicking on a malicious link, making it particularly enticing for criminals hackers.
“That’s the very, very, very risky thing about social networks,” says Dr. Ken Baylor.
“The idea of using them as an authentication platform really has its drawbacks. I really think it’s a bad idea.”
“Banks outside the US are starting to allow direct access to online banking through Facebook and that’s where there should be a concern about Facebook hacking,” says Nicole Sturgill, research director in the cards and retail banking practice at CEB Towergroup.
“Facebook should be used as a gateway to online banking, but there should be an extra layer of security. No one should be able to log in to online banking with nothing but their Facebook ID and password,” Nicole Sturgill says.
Most banks in the US, though, are still just using Twitter and Facebook for marketing and customer service messaging, rather than as a portal to online banking.
In addition to Facebook, banks are also planning to allow people to tie their bank accounts directly to Twitter.
“The benefits, for us, outweigh the potential risk,” says King.
“The fact is that Facebook’s login platform is still magnitudes more robust than most Internet banks.”
FULL POST @ RATIONAL ARROGANCE
- Microsoft Confirm: We’ve Been Hacked, too (twistedeconotwist.wordpress.com)
- Certified online banking trojan in the wild (h-online.com)
- Mobile phishing geared towards online banking users (net-security.org)
- Online Banking Security Tips from F-Secure Experts – Video (news.softpedia.com)