Two-Factor Authentication Risks: Cyber Attacks Against Banking Systems

Two-factor authentication -- used to protect online bank accounts with both a password and a computer-generated one-time passcode -- is supposed to be more secure than relying on a single password. But Gartner Research VP Avivah Litan warns that cyber criminals have had success defeating two-factor authentication systems in Web browsing sessions using Trojan-based man-in-the-middle attacks. A Gartner Research note written by Litan explains that in the past few months, Gartner has heard from many banks around the world that rely on one-time-password authentication systems. Accounts at these banks have been compromised by man-in-the-middle attacks -- the report uses the term "man-in-the-browser" -- despite the use of two-factor security.

One technique that the fraudsters have been using to bypass security controls is call forwarding.

The link for this article located at Information Week is no longer available.