Security pro Brian Krebs (krebsonsecurity.com) recently wrote an article on a client that is suing its bank after $440k was stolen via cyber theft:
The issue or control breakdown in this case appears to be that the bank allowed transfers of money to other accounts using only a single password for protection. Krebs provides some useful insight into building security systems for online banking, or indeed any other processes that originate outside of one’s security domain:
“Any security or authentication mechanism that does not start with the assumption that the customer’s system is already compromised by malicious software does not have a prayer of defeating today’s malicious attacks”
A great quote!