Out-Law / Your Daily Need-To-Know

Banking regulator warns of spyware on public computers

27 Jul 2005, 12:36 pm

US banks have been told to do more to protect themselves and their customers against spyware in new guidance from the industry watchdog that says customers should be warned against using PCs in hotels, libraries and cafés for online banking.

The guidance from the Federal Deposit Insurance Corporation (FDIC) is a reaction to the growth of spyware, the term for software that is deposited on a computer without the user's knowledge and can then send information in secret from that computer to others.

"The information collected through spyware can be used to compromise a bank's systems or conduct identity theft," said Michael Zamorski, Director of the FDIC's Division of Supervision and Consumer Protection. "So it is critical that banks stay vigilant about the risks involved with this malicious software, and take appropriate action so that they and their customers do not fall victim to it."

In particular, banks should consider spyware threats as part of their general risk assessment process, according to the guidance.

They should enhance security and internet use policies and enforce them properly, so that user behaviour and spyware risks are better constrained. Employee training and customer education are also priorities.

The FDIC also says that customers should be advised of the risks in using public computers – such as those in hotels, libraries or internet cafés – to connect to online banking websites because of the uncertainty of what spyware may have been installed on the public equipment.

Finally, banks should look at implementing multi-factor authentication methods, which should make it more difficult for identity thieves to access accounts.

The growth of spyware was highlighted on Monday by the publication of research by security firm ScanSafe.

This found that outbound spyware transmissions on infected machines now account for up to 8% of total outbound web traffic, on some of the networks tested.

ScanSafe says this statistic is most startling when it is considered that spyware is at its most damaging when capturing confidential information and transmitting it outside of the local area network or performing a so called “calling home” action.

“It’s clear that traditional methods of preventing spyware infection are not working and companies must re-think the way in which they tackle this escalating problem,” said Roy Tuvey, director and co-founder, ScanSafe. “By far the most effective strategy is to protect corporate data by cutting out threats before they can reach the network and before they have a chance to penetrate and corrupt security and operating systems.”