Beating Transaction-Signing Protection
Some banks are fighting criminals by having customers use card-reader transaction-signing systems to authorize each and every transaction. Users receive a reader and chip/PIN card and are required to authenticate each transaction by entering details in the reader, such as amount and payee number. The transaction generates a code that banking applications validate against the details. To bypass this security, criminals have developed malware that waits for customers to log on to a bank's Web site and then changes the content of the post-login transaction to a message telling customers of an upgraded security system. The training process for the system includes making a money transfer to a fictitious bank account. If customers fall for the ruse, then they end up sending money to the fraudster.