Low Assurance SSL-based Phishing Attacks Against Banks and Credit Unions accounted for 33% of all phishing attacks in May

By | June 29, 2006

Comodo Inc., a global Certification Authority and leading provider of Identity and Trust Assurance (ITA) Management solutions, announced today major expansion of the Comodo Mutual Authentication (MA) initiative to help consumers re-establish trust in online financial interactions through an innovative new PKI based mutual authentication verification solution.

Comodo announcement comes as its new technology, SVT (See. Verify. Trust) is being deployed globally at financial institutions and credit unions largely in response to an escalation of attacks against regional banks and credit unions. According to SC Magazine, (June 9, 2006) recent attacks on regional banks in the United States accounted for 33 percent of all phishing attacks last month, with credit unions taking up 29 percent of all attacks. Non-American banks were 26 percent of all banking brands attacked by phishing in May, whereas national U.S. banks only accounted for 11 percent of phishing attacks.

This increase in fraud attacks against the regional financial institution sector is directly related to the flood of low assurance SSL certificates which do not validate business legitimacy but rather rely only on automated domain validation processes. As a result, fraudsters can easily procure the important gold padlock trust symbol to provide a veneer of legitimacy to their fraud site. The impact of these low assurance certificates is that the cost of phishing, pharming and online fraud is growing at an alarming 37% rate (a rate that is faster than online sales growth) according IDG, (September 2005). Particularly hard hit are smaller financial institutions like banks and credit unions as they are the new “soft target” or favorite of fraudsters.

In response to this growing need to protect consumers with a cost effective and easily deployed mutual authentication solution, Comodo launched its Mutual Authentication Solution. Based on PKI, recognized as one of the most secure environments by the FFIEC, Comodo MA solution uniquely provides a Best Practices approach to be fully compliant with FFIEC guidelines. This solution has been proven to be one of the fastest and lowest cost solutions on the market today with most Comodo customers becoming fully compliant within 4 weeks or less. This solution enables both consumer authentication of bank site before sensitive information is compromised and allows banks to verify consumer identity. By contrast, all two factor solutions do allow bank to authenticate the identity of the User – but do nothing to enable consumer authentication of the site identity that is outside the browser environment and thus “un spoofed.” With non browser based verification, consumers are protected against mimics sites designed to steal information.

Comodo MA Solution

Comodo´s patented SVT technology is at the heart of the Comodo Mutual Authentication solution and includes authentication processes for both sides of the transaction – consumer authenticating the bank and vice versa. Consumers can verify the legitimacy of the bank with a free digital reader called VerificationEngine (www.vengine.com). This effective, “spoof-proof” means to establish trust, authenticate identities and ensure a trusted transaction protects consumers because; a) Verification Engine automatically distinguishes between “good” high assurance padlocks which vet web business for legitimacy and “bad” low assurance padlocks and b) VE protects consumers by allowing them to verify specific Web content, (e.g. log-in box) automatically thus verifying site identity. To authenticate content, consumers simply roll their mouse over the content they want to authenticate and they will see a highly visible “green is good to go” border on verified content. Importantly, since the verification process takes place outside the browser, it protects consumers from mimic sites and fake indicators that can be spoofed within the browser.

Once consumers can verify the authenticity of the log-in box at a bank site, financial institutions can authenticate the consumer identity with Client Certificates on the users´ PC. These PC certificates are one of the most cost effective, simple and fully compliant two factor authentication solutions available on the market. With this authentication technology, consumers can conduct online transactions with no change to their current, normal online banking behavior thus freeing banks (and consumers) from having to use tokens, image recognition solutions or multi layered passwords.

“Consumers can now be empowered to avoid most phishing and pharming attacks with a new level of security. By making this highly sophisticated solution highly accessible to credit unions and regional banks, we believe that Web content verification will become a trusted and standard part of a consumer´s online process.” said Melih Abdulhayoglu, President and CEO of Comodo. “SVT is a revolutionary approach to providing mutual authentication because for the first time consumers can proactively protect themselves against phishers and banks have an easy way to authenticate end users. Together, this breakthrough approach to mutual authentication is being adopted by community banks and credit unions as one of the most effective and efficient approaches to trusted online financial interactions.”

Leave a Reply

Low Assurance SSL-based Phishing Attacks Against Banks and Credit Unions on the Rise

By | February 17, 2006

Comodo Inc., a global leader in Identity and Trust Assurance (ITA) Management solutions, announced today a new initiative to help consumers re-establish trust in online interactions which has been eroded through the issuance of low assurance SSL certificates. Comodo´s new technology called SVT (See. Verify. Trust.) is being incorporated into its VerificationEngine (VE), a free downloaded reader that gives consumers the ability to verify Web content with a simple mouse roll over. Consumers can use VE today to authenticate the site logos of many financial and company sites.
Continue reading

Leave a Reply