Banks told how they are struggling with attempts to remotely hack cards

    Gazprombank’s application blocks the client’s entry if a remote access program is installed on his smartphone – a credit institution warns that fraudsters can steal bank data with its help. Whether such an approach can protect customers from intruders, and how widespread this decision is among banks, representatives of credit organizations and information security experts told RIA Novosti.

    Russians previously warned of the type of credit card fraud, based on the legal and popular TeamViewer program and its analogues. At the same time, unlawful actions do not occur automatically due to the presence of such a program on the smartphone, says Alexey Drozd, head of the SearchInform information security department. First, the fraudster convinces the victim to install this software on a smartphone, then he lures out the connection information – ID and password.

    After that, the fraudster already uses TeamViewer functionality for remote control of the smartphone, says Maxim Fedyushkin, Kaspersky Fraud Prevention head of department. However, Gazprombank decided to insure against intruders taking control of the client’s phone. “We carefully studied the security policy of TeamViewer and similar applications. Unfortunately, they potentially pose a serious threat to the security of our customers’ funds. An attacker can use the application to gain access to the Internet bank – we regularly record such attempts, ”the bank said.

    Nevertheless, Gazprombank is ready to meet its customers and “in some cases allow the use of TeamViewer to those who are willing to take risks.” As Nikolai Anisenya, head of the Positive Technologies Mobile Applications Security Research Group, points out, the effectiveness of this method can be described with the words “better than nothing.” However, it is worth remembering that in addition to Team Viewer, there are many other remote access applications to the screen, the presence of which also needs to be checked, the expert added.

    However, most major players do not prohibit access to the mobile bank if remote access software is installed on the client’s device. “We do not use such schemes, but use antifraud based on the financial component of transactions,” said Vyacheslav Kasimov, director of the ICB’s information security department. Uralsib also said the same, they also explained that such activity, according to the bank, is necessary when protecting against malicious applications, but they have their own identifiers that can change at least for each individual user, therefore this protection method does not work practically in 100% of cases.

    Rosselkhozbank and Rosbank monitor the client’s device for potentially unsafe applications and software for remote access, but they do not prohibit access to the mobile bank. “The fact of the presence of unsafe software is not a threat to the functioning of the mobile bank and is also not an unconditional sign of unauthorized persons managing the mobile bank,” the RSHB press service said.
    Information on the availability of a remote access application on the client’s device is used by a credit institution as part of monitoring and decision-making on countering electronic fraud, explained Mikhail Ivanov, director of the information security department of Rosbank. Signs of a remote connection for one user may be peculiar, for another – a signal to the bank about the need to contact the client and clarify the situation, added Ilya Suloev, deputy director of the information security department of Otkritie Bank. (Source: rambler)

    Leave a Reply