Author: Jon Endre Gjærum, Protectoria

In Norway we have over the years had low rates of online banking fraud. There are likely several reasons for this, probably a combination of good cooperation between the banks, our native language and a large number of small banks.

I had a quick discussion with my bank not so long ago – where I asked how come they did not have a bullet proof solution for authorizing transactions. The reason for me asking being that I was about to transfer a large amount having bought a car. For that reason I had read the terms and conditions laid out on the banking website that states clearly that they will not guarantee my money is safe in there bank if my device has malware on it.

The end of that story was basically that I as a user have a responsibility of keeping my device clean from malware. As we all know – this cannot be done by 99 % of the normal internet users – even if you are careful about the websites you visit. So the conclusion was thereby that I could pay fee´s and commission to my bank as much as I like – but they do in return offer me no guarantee that my money will be safe with them. I find that kind of fascinating – banks have basically moved away from the core offering or value proposition – “we keep your money safe”.

I have not worried to much earlier on regarding this – because the Norwegian BankID have seemed to me to be a more sophisticated solution than a lot of other international banks authorization solutions.

This is changing – both malware are getting very sophisticated and international banks security solutions for authorization has closed the gap that the Norwegian solutions had before with respect to security.

To get an idea of the kinds of malware out there – I could leave an endless trial of links to malware attacks. This time I leave you with an example of malware seen recently luring malware into your Android device by tricking users to install a bogus Flash Player. (https://threatpost.com/phony-android-flash-player-installs-banking-malware/121696/)

I say that it´s time for banks to listen to the new PSD2 regulations – and get the core value proposition up and running again – “we keep your money safe”