ASC :: News and events

Members Section

News

New full and affiliate members Pierre Burger, Philip Prestage, Colin Przystupa, Roger Noakes, John Fleming and James Wheeler were presented with their membership certificates by Roy Sutherland, Chairman, at the recent Association of Security Consultants (ASC) quarterly Business Club Seminar held recently in St. James's, London.

'ID theft risk' on bank websites

23/10/06

Three UK banks are failing to prevent the possible theft of online customers' identity reported by the BBC

An online security company has warned they have failed to make their banking websites more secure against phishing attacks. In September, Heise Security showed how the sites of six banks could be spoofed so that criminals could steal details of their users' identities.
Cahoot, Bank of Scotland and First Direct say they are fixing the problem.
Spoofing. Heise first revealed the potential problems in September it showed that it was possible for a fake or spoofed page to be inserted onto the web sites of six online banks, with no chance of ordinary customers being able to detect that anything was wrong.
These security issues have been known for years, said Mr Henning.
They should have been tied up a long time ago.
The flaws could have lead to customers typing in their security details which would then be collected by the fraudsters. Since then the Bank of Ireland has changed its site so this can no longer happen, and so has The Link. NatWest has also taken some steps.
Rob Skinner, spokesman for First Direct - part of the HSBC group - said the bank had been testing its website security rigorously since the problem was first revealed. We are updating our security this week to address this matter, he said. There are no cases of anyone actually doing this.
A similar response has come from the other two banks pinpointed by the research, although they argued that the security risk was slight. A Cahoot spokeswoman, Morag Fleming said: Cahoot is aware of the theoretical risk of which Heise has reported. We have been working on eliminating any potential risk from spoof framing and will have a permanent fix in place shortly.
Jason Clarke, a spokesman for the Bank of Scotland, said: We do not believe the issue identified constitutes a significant risk to the vast majority of customers. However, we have taken steps to resolve the matter in the interests of maintaining the highest levels of security. Work on the BoS site and should be complete no later than next week, he added.
Last month a report on fraud against online banks claimed that so-called phishing attacks had risen by 800% in the year to August. It said that month there were 1,484 such incidents among UK online bank customers.
The report, published by Apacs, suggested that of the 15.7 million people who regularly operate their current, savings and credit card accounts over the internet, only half a million - nearly 4% - would respond to unsolicited emails asking them to divulge their security details.
But 35% recorded their password or security information in writing or somewhere near their computer. And nearly two thirds never change their password, while one in five use the same password for other websites as well as their online bank accounts.

Left to right: Laurie Doust (ASC Secretary), Keith Carey (Salto Systems), Ramesh Gurdev (Salto Systems), Roy Sutherland (ASC Chairman)

Left to right: Simon Lambert (ASC Member), Roy Sutherland (ASC Chairman), Kevin Quinn (Acting ASC Secretary).

Roy also welcomed back Laurie Doust, ASC Secretary, from his most recent journey and said that "if Laurie goes on any more cruises, we'll have to club together and buy him a boat!".

Salto Systems sponsored the event, with Keith Carey giving an introduction to the company. Keith then handed over the meeting to Ramesh Gurdev, whose presentation included available access control technologies and how to increase access security. Ramesh concluded by giving a fascinating insight into the future of access of control, including trends and solutions.

Robert Powell of Integrated Payment Solutions provided information about Smart Cards and how the applications can be integrated. He also gave details about campus and company wide solutions. Robert concluded with his thoughts about facts and fictions of the Mifare world which were of great interest to the capacity audience.

An insight into the role and charitable aims of the Worshipful Company of Security Professionals (WCoSP) was given by Andrew Knights, Treasurer of the WCoSP.

Simon Lambert (ASC Member) gave an excellent and light hearted insight into the problems that can be faced when deciding what digital video recording systems to buy and install. His candid thoughts were well received by the audience.

Roy Sutherland brought the formal proceedings to a close by thanking all those who had provided the interesting presentations and to Salto Systems for sponsoring the event.

Roy reminded everyone that the next Business Club Seminar will be held on 9^th September 2010. He also mentioned that CONSEC, the ASC's annual international conference and exhibition, will be held on Thursday, 4 November 2010, at the RAF Museum at Hendon. He indicated that another exciting programme is being finalised for this year and that there are only a few spaces left for exhibitors.

Everyone then adjourned to the bar and to partake of a vast and delicious buffet luncheon, and to take the opportunity to chat with old friends and make new ones.

The ASC organises a number of prominent events during the year, which are of importance to both ASC members and others who are interested in security issues and technical innovations.

ASC

Association of Security Consultants

Archives