Documente Academic
Documente Profesional
Documente Cultură
com
Online banking
ried about privacy issues, be- longer just your neighbours, like Facebook.
cause we’re so used to having but the world that knows it. We The University of Ottawa-
everything about ourselves on absolutely need to be more based Canadian Internet Policy
the Internet,” says the Oro- careful about what we put out and Public Interest Clinic re-
mocto, N.B., student. there.” cently filed a complaint with
“But it’s being turned around It’s a point made more the Privacy Commissioner of
O
nline banking clients the safety of data passing be- banking clients Yahoo, Microsoft and Adobe, “Young people are not thinking carry their data, profiles, friends
are a potential target as tween parties. and is currently vice-president about the fact that, 20 years and photos to partner sites.
increasingly sophisti- Lee Dunn, vice-president of marketing for the Ottawa- from now when they’re a CEO, If users sign the consent —
CANWEST NEWS SERVICE
cated Internet attacks aim to and chief information security based start up, Overlay.TV. a video they posted of them- there’s no obligation to do so —
grab critical financial informa- officer at BMO, says the en- Here are some tips from the While he admits the potential selves dancing drunk at age 18 sites can then mine only the
tion. hanced sign-in features include experts on how online bank- collision between social net- will pop up on YouTube.” profile information the user is
Today’s attacks are taking a personalized graphic and ing clients can protect them- work users and those who It’s a situation that begs for willing to share.
place more frequently and customized phrase users select selves against phishing at-
faster than ever before. Banks to appear after they enter their tacks — phoney e-mails that
and other protectors of sensi- card number. attempt to extract valuable
tive online information now This graphic and phrase personal financial informa-
face threats from so-called combination helps identify the tion.
“zero-day” attacks, says George website’s authenticity, after ■ Be aware that authentic
Kerns, president and chief ex- which the user can sign in with banks will never request their
ecutive officer of Fusepoint their personal identification clients divulge personal infor-
Never fear,
Managed Services Inc., a man- number. mation, such as account
aged information technology This works two ways: numbers and passwords, in
solutions provider headquar- “It gives the customer a con- an e-mail.
tered in Mississauga, Ont. fident feeling they are at a le- ■ Authenticate the website
“The whole point of a zero- gitimate website” and also pro- you are going to is genuine by
day (attack) means that within vides the bank with assurance verifying that it has a secure
safer Internet
24 hours of most things being the customer is who they pur- sockets layer (SSL) certifi-
known, they’re exploited.” port to be, she says. cate.
Consequently “there’s very lit- BMO also monitors sign-in ■ Never click on a link in a
tle time to be able to fix it be- patterns. If, for instance, a per- suspicious e-mail. Instead
fore there’s some kind of im- son signs on to his or her ac- search out an official bank
pact.” count away from the computer URL site via your browser bar.
is here.
The banking industry in site her or she normally trans- ■ Never download an attach-
Canada devotes substantial act from, the bank will prompt ment from a suspicious e-
time, effort and money to com- them with a series of supple- mail. It may consist of a virus
bat such threats, stresses mentary, pre-selected personal- or spyware.
Maura Drew-Lytle, director of ized questions to make sure it is ■ Contact your bank immedi-
media relations and communi- indeed the client who is at- ately if you suspect some-
cations with the Canadian tempting to sign on, explains body has tried to emulate
Bankers Association (CBA) in Dunn. them online.
Toronto. But firewalls alone don’t
According to the CBA, provide enough security.
clients of the six largest Cana- While a firewall can act as an “spoof site,” which mimics the
dian banks alone — RBC Royal infrastructure layer to try to appearance of an authentic
Bank, BMO Bank of Montreal, prevent unauthorized access site, says Darrell MacMullin,
TD Bank, Scotiabank, CIBC for certain services, “most country manager for PayPal
and National Bank of Canada hackers today break into the Canada, an online payment so-
— went online to record nearly web applications,” which in an lutions provider.
394 million financial transac- online, worldwide banking en- Often such correspondence
tions in 2007. vironment allows them to involves urgent requests for
In 2006, those same banks more easily bypass firewalls, banking clients to validate
spent $4.4 billion on their tech- says Stewart Wolfe, KPMG their credentials or register for
nology in- LLP’s leader of security ser- a type of service when they log
❝ f r a s t r u c - vices for the Greater Toronto onto a false site with their user
ture; be- area. name and password, so perpe-
The whole t w e e n “Although application layer trators can capture the sensi-
point of a 1996 and firewalls provide a level of pro- tive personal information
2006, in- tection, the secure coding of needed to commit further
zero-day c l u s i v e , applications from initial devel- crimes, adds Wolfe.
(attack) they in- opment to production release “A bank will never send you
v e s t e d is key to providing Internet an e-mail asking you to verify
means $37.6 bil- banking web applications that your personal information,”
that, within lion. are more resistant to malicious says Drew-Lytle. “They already
“ T h e penetration attempts,” he says. have it.”
24 hours banks have This is one reason why addi- Consequently, it’s essential
a lot of tional protection, such as a se- for users to authenticate that
of most p e r s o n a l cure sockets layer (SSL) cer- the website they enter is gen-
things f i n a n c i a l tificate issued by an authorized uine, and never give out sensi-
i n f o r m a - third-party to certify that a web tive financial information un-
being tion on server belongs to the company less they are certain it is.
known, their cus- it purports to be is essential. The best way to do this,
tomers, so Such certificates include 128- Wolfe says, is to verify the SSL Get the most secure High Speed access .
they’re they un- bit encryption. certificate by clicking on the
Feel invincible online with the most comprehensive suite of security services. Protect your
exploited derstand From a user standpoint, “if I lock displayed by the browser.
that pro- connected to a bank, and didn’t A lock icon will appear when personal information with our Firewall and Anti-Spyware, automatically detect and delete
❞ t e c t i n g see an SSL certificate, I would- the address prefix in the harmful viruses with Anti-Virus software, and rest easy with added security features like
GEORGE KERNS, that is cer- n’t start putting in my user browser bar changes from http
Parental Control and Anti-Fraud. Best of all, there’s no extra cost.
FUSEPOINT tainly one name and password because I to https.
MANAGED of their couldn’t be guaranteed that If clients are contacted by
SERVICES INC. most im- session is encrypted,” says somebody phishing for infor- Add High Speed to a bundle and save over 15%.*
p o r t a n t Wolfe. mation illegally, they need to
jobs,” says Drew-Lytle. Customers can also arm contact their bank immedi-
“The banks are always imple- themselves by becoming aware ately, the experts say.
menting new security proce- of the threats they may face If they have already provided
dures” to ensure customer and what to do about them. information, they also need to
safety, she adds. Phishing attacks, for in- quickly issue a fraud alert and
BMO Bank of Montreal, for stance, are a prime example of contact other parties, such as
instance, offers clients a num- a malicious attempt to exploit their credit card issuer, to let
ber of protective measures. banks and their customers. them know what has happened SAA79089
These include enhanced sign- The idea of a phishing e-mail to try and prevent further dam-
in security to help prevent is to get users on to a so-called age.