27 August 2009
Some of Britain’s biggest banks appear to be leaving their customers’ online accounts vulnerable to fraud because of poor security, says Which? Computing.
Online accounts at Abbey and Halifax have weaker visible security measures in place than some of their rivals, while Barclays’ security is excellent, say Which? Computing experts.
Halifax has one of the least secure log-in procedures. It asks for three pieces of information to confirm a customer’s identity. As each entry is typed in full, this makes the information vulnerable to a simple keylogger, a virus that sits on a computer and tracks every keystroke with the aim of collecting passwords.
Keylogging software is blamed for online banking fraud more than doubling in 2008. It soared to £52.5m last year, up from £22.6m in 2007.*
In contrast, Barclays and Lloyds TSB ask customers to use drop-down menus. Simply using menus rather than the keyboard stops keyloggers from quickly capturing passwords. Barclays customers who forget their PINsentry device** must enter a five-digit passcode and two characters from a memorable word.
Browsing to another site can be unsafe with some accounts. Customers of Abbey, Alliance & Leicester, HSBC and Halifax are not immediately logged out if they browse, which means someone else could take over the session, leaving accounts vulnerable if accessed on a shared computer.
Which? Computing also found significant differences in how well money transfers appear to be protected. Abbey, First Direct, Halifax and HSBC have no visible security controls for money transfers, so if a banking session is hijacked, a criminal can enter the amount they want to.
Sarah Kidner, Editor, Which? Computing says:
‘There are surprisingly big differences between big banks’ visible online security systems. Some simple measures, like the use of drop-down menus, could improve safety considerably. The banks may say it’s the hidden security measures that count, but to have real confidence in an online account, customers need to see security in place.’
- Ends -
Notes to Editor
*According to the UK Payments Administration (formerly APACS).
**A device which generates a random password each time a customer logs in to their account.
How good is your bank’s consumer-facing security?
First Direct, Lloyds TSB, Nationwide, NatWest, RBS: Good.
Alliance & Leicester, HSBC: Average.
Abbey, Halifax: Poor.
BT plans to soak subscribers to police filesharing – The Inquirer: “BT plans to soak subscribers to police filesharing
£25 each per year
By Rosalie Marshall, Thursday, 24 September 2009, 14:27
PROPOSALS to suspend the Internet connections of people caught illegally downloading copyrighted files will cost each UK broadband customer about £25 a year, according to BT.
The proposals are being driven by business secretary Peter Mandelson as a means of curbing illegal downloads, which allegedly are eating into the profits of the UK’s entertainment industry.
John Petter, BT’s consumer division boss, said policing downloads could cost the industry about £1 million a day.
Petter said that because broadband is a thin-margin business, there is no way any ISP, including BT, would be able to absorb the cost so it would have to be passed on to consumers.
A BT spokesman said the main cost would be the integration of new technology into the network to allow ISPs to track downloaders. Other overheads would include the costs of notifying and educating consumers on the new policy as well as enforcement costs.
‘We feel that instead music labels should develop new business models,’ said the spokesman.
‘At the moment, they just want to outsource all their problems to ISPs. Legislation before the introduction of Digital Britain did allow music labels to go after people that downloaded copyrighted music, but they did not take advantage of it because it would have generated bad PR for themselves,’ the spokesman added.
Responding to BT, a Department for Business spokesman said, ‘We have issued a consultation on our proposals. It is clear that the rights holders do suffer harm from file-sharing; it is also clear that tackling unlawful file-sharing will involve costs. We have asked industry for reliable figures on both the damage caused by file-sharing and on the cost these obligations will involve.’
He added, ‘Any decision would be based on a proper cost-benefit analysis and have to be proportionate. We hope BT will respond to the consultation and provide the information to help us make an informed decision.’
No ISP has come out in support of Mandelson’s proposals, which came as a surprise to the industry given that such a move was specifically ruled out by the government’s Digital Britain report in June.
Earlier this month, the chief executives of Britain’s biggest internet providers, including BT, united to criticise the government’s latest plans.
BT’s Ian Livingston, Carphone Warehouse’s Charles Dunstone and Orange’s Tom Alexander said because the vast majority of their customers do not illegally download content, many innocent customers would suffer as a result of Mandelson’s proposals.
The Internet Service Providers Association (ISPA) also registered its disappointment with the government’s apparent U-turn. The ISPA has pointed out that policing downloads could contravene data protection laws that prevent ISPs from looking at the content of information over their networks.
Another problem that has been raised is how ISPs will differentiate between legitimate downloads and illegitimate ones. For example, entertainers and producers that want to share their content with people may risk causing the recipients to be falsely identified as copyright criminals. µ”
On September 13, 2009, the Syrian State Security Supreme Court sentenced the young blogger Kareem Arbaji to three years in prison for ‘publishing mendacious information liable to weaken the nation’s morale,’ under article #286 of the Syrian penal code.
The thirty-one-year-old economics graduate, Kareem Arbaji, has been detained for over two years, since June 7th, 2007, by military intelligence officers.
Human Rights Reports reveal that Arbaji has been tortured during the detention:
Kareem Arbaji was detained before being tried, he received a cruel and disproportionate sentence even if he was convicted. He was tortured during investigations and ill treated for more than two years in prison.
It is likely that Arbaji has been arrested, detained and then sentenced for opinions he expressed on the blocked Syrian forum, Akhawiya, which he used to administrate along with other members. The forum members have created a page to honor and support their friend behind bars. A Facebook group too has been recently created in support of the jailed blogger. Several Syrian bloggers have expressed their anger at the court’s order. The Arab bloggers league has also issued a statement denouncing Kareem’s sentence.
Below is an excerpt of The Arabic Network for Human Rights Information (ANHRI) report regarding the Syrian court’s decision to sentence Kareem Arbaji:
ANHRI requests the Syrian government to immediately release Kareem Arbaji and all prisoners of conscience in Syrian dungeons, to abolish arbitrary detention policy and stop the security interference in judiciary affairs.
ANHRI asserts that the charge against Arbaji is a false one, only used as a pretext to inhibit freedom of expression and repress activists.
ANHRI also urges the Syrian government to eliminate the state security court as it is a stain to the Syrian justice.
It is worth noting that along with Kareem Arbaji, Syrian authorities sentenced several Syrian bloggers to prison. On 11-5-2008 the State Security Court in Damascus stated its verdict on the Syrian blogger Tariq Biasi who was held in detention since 7-7-2007.
Also Tariq al-Ghorani (1985, assistant engineer) – Maher Ibrahim Esber (1980, a shop owner) – Husam Melhem (1985, a law student) – Omar al-Abdullah (1985, philosophy student) – Diab Siriyyeh (1985, student) – Ayham Saqer (1975, works at a beauty salon) – Allam Fakhour (1979, a student at the Faculty of Fine Arts – Sculpture Department) all were arrested, detained and sentenced for expressing their views on blogs and online forums, particularly on syriandomari blog and Akhawiya.
(Via Global Voices Advocacy.)