The widespread reuse of online banking credentials is being exploited by criminals who have devised various methods to harvest login credentials from less secure sources, such as webmail and social network websites. Once acquired, these usernames and passwords are tested on financial services sites to commit fraud.
Trusteer found that 73% of bank customers use their online account password to access other websites and that 47% use both their online banking user ID and password to log in elsewhere on the internet.
The findings are based on a sample of more than 4 million users of the Rapport browser security service, many of whom are customers of North American and European banks.
Trusteer recommended that customers maintain at least three sets of credentials: one for financial websites, one for nonfinancial sensitive websites that hold information about identity, and one for non-sensitive websites that do not maintain confidential information.
Trusteer also recommended that financial institutions identify customers who use their bank login information on nonfinancial websites, educate them to avoid this risk, and set their risk engine to a higher sensitivity for these customers.
Amit Klein, CTO of Trusteer and head of the company’s research organization, said: “Using stolen credentials remains the easiest way for criminals to bypass the security measures implemented by banks to protect their online applications, so we wanted to see how often users repurpose their financial service usernames and passwords. Our findings were very surprising, and reveal that consumers are not aware, or are choosing to ignore, the security implications of reusing their banking credentials on multiple websites.”
Mickey Boodaei, CEO of Trusteer, said: “Being named Innovator of the Year by SC Magazine and having a new category created for our product is an honor and serves as powerful, independent market validation for our approach to securing browser communication and transactions.
“It was gratifying that SC Magazine recognized Trusteer for both technical and business innovation. Getting Rapport installed on over three million machines in less than one year required a creative approach to distribution and almost transparent installation for end-users. It has paid off, Rapport is currently being offered as a free download by more than 50 banks and financial institutions in North America and Europe.”
Trusteer enables online businesses to secure communications with their customers over the internet and protect personally identifiable information (PII) from a user’s keyboard into the company’s web site.
Rapport from Trusteer is a lightweight browser plug-in plus security service that prevents criminals from tampering with a user’s browser and protects against man-in-the-browser, man-in-the-middle, and phishing attacks.