Incidents concerning suspicious account activity from a handful of Standard Bank customers using public computers have resulted in the bank urging users to avoid these facilities completely when banking.
Standard Bank believes this kind of fraud is due to key-logging hardware installed on public computers by malicious users to obtain sensitive information.
It has warned, by SMS and e-mail, all Internet banking users, totalling over 500 000, to completely avoid public Internet facilities.
"It is not just us that has been affected," says Herman Singh, director of technology engineering at Standard Bank. "A number of customers from other banks using public computers have been as well."
Regarding added security features, such as the pop-up PIN pad, Singh says it is possible, but highly unlikely that this feature can be bypassed. "Investigations are still under way on this matter," he says.
Singh explains that a more plausible reason for the identity theft is that many customers are still failing to use the PIN pads correctly and the fact that public computers are usually riddled with Trojans and viruses.
Other than completely avoiding publicly accessible computer and Internet terminals, Singh also suggests users make use of Standard Bank`s 'one-time` password facility. Upon initial log-in, this service sends the online user a password that is valid for a few minutes only and essential to the completion of the logging-in process.
"This service is very important to our security," explains Singh. "And we will be making it mandatory as of October."
Standard Bank`s IT security department has been working with the Scorpions on an industry initiative to track down hacking syndicates. Although investigation details are sensitive at present, Singh says they are expecting a breakthrough soon.
Related stories:
Banks 'must redesign interfaces`
Russians go phishing in SA
Standard nets phishing sites

