The FBI is advising small businesses – the same ones often operating on a shoestring – to use a dedicated PC for their online banking. It would seem that hackers are targeting small businesses, universities, and local businesses with keylogging malware – that is, software that records the keystrokes typically used to enter a password, credit card number, or other sensitive data.
In the last two years hackers have stolen over $40 million from small to medium enterprises that typically don’t have the resources or tech expertise to protect themselves from such attacks. They often do business with small banks and credit unions, which are typically considered “low hanging fruit” for hackers. Channel-Pro SMB interviewed our very own Stuart Morris about this issue, and the write-up points out some key issues – like the impact this can potentially have on small to medium businesses.
The solution the feds propose is a dedicated computer used only for banking. They recommend it because malware is often installed when surfing the net, gaming, emailing, and downloading programs. It isn’t fool-proof though. Crooks are smarter than we like to think and a computer dedicated to online banking isn’t a surefire way to stop them. And logistically, unless we’re talking about sole proprietors, it becomes both a hassle and prohibitive expense when every person who needs access to banking information requires a separate computer to do so.
Hey! I have an idea! What if banks, e-commerce sites, and other agencies requiring sensitive login procedures found a way to protect their users and consumers from this type of fraud? Is it possible? Is it plausible? What is this, 1976? Of course it is! And it has been for years.
The only real way to stop keyloggers is to stop typing passwords. You know how you use your mouse to click on buttons on the computer screen? There’s no reason banks couldn’t use a clickable keypad on the screen to replace password typing, or even credit card entry. And guess what? It’s already being done. There’s a system that first recognizes the user and generates a customized keypad for them. If your keypad doesn’t look right you know you’re on a fraudulent site. When you see the keypad you recognize, you use your mouse to key in your password. Easy, breezy. And keyloggers don’t have a chance. (Neither do man-in-the-middle, man-in-the-browser, or any host of other hackers.)
Wanna give it shot? You can. Go ahead – try it now. I’ll give you a buck – a whole greenback for the minute you spent – if you think it’s too hard to use.