RSA have reported the discovery of a “Universal Man-in-the-Middle Phishing Kit” offered for free trial on an online fraudster forum. The kit enables fraudsters to create a fraudulent URL via a simple online interface and to intercept and capture customer account details in real time. It’s a disturbing but inevitable development, providing a more powerful and sophisticated capability to the ordinary criminal. And it highlights the need for all organizations to raise their game in two-way authentication.
User and customer awareness helps, but that won’t stop the problem, because there is a sizable percentage of people who will not understand, will forget or will blatantly ignore the advice.
Strong authentication technology has been with us for years. It costs money but it reduces fraud and provides assurance for all parties. Too many organizations have traditionally relied on a reactive approach, hoping they can respond with a solution before the cost of fraud hits a damaging level. But this strategy breaks down when the threat grows much faster than the speed of implementing a fix. And phishing attacks are highly visible to customers. Your reputation is on the line as well as your money.