So If We Understand The Problem, Why Can't It Be Fixed?
The problem is real and fairly well understood, but not simply solved. The current situation is tolerated for two important reasons. First, the costs are insured, and the threat is spread across such a wide spectrum of institutions that it is not entirely prohibitive to 'allow' it to occur. Second, consumers who have not been personally affected by online fraud are generally apathetic and ambivalent, and are therefore less inclined to deal with the learning curve necessary to resolve the issue.
In a nutshell, the cost and difficulty of marketing, selecting and implementing a solution has been greater than the extent of the problem. At least, until now!
The US FFIEC has produced guidelines for a minimum standard of security called 2 Factor Authentication.
In the subsequent articles in this series we will continue to look at online fraud and means to defend against it. As we proceed, the focus will be on security hardware and strategies, and at that point the content will get more technical. However, the articles will continue to use plain language, for the benefit of an audience that is not conversant with hacking.
Pat McKenna is a Security Consultant and CTO with 2SA Plus, a company specializing in 2 Factor Authentication and matters of identity management. He is 45 and has been in the IT business for 15 years, during which he has held many positions including company director. Prior to a career in IT, he worked in the security and intelligence field. He is proficient with many computer languages, old and new, and has trained hundreds of programmers.
His hobbies are chess and penetration testing (aka ethical hacking).
You can contact him at firstname.lastname@example.org (web: http://www.2saplus.com).