Bank raid gets around two-factor authentication

Computer & Internet Security News
19 April 2007
Bank raid gets around two-factor authentication
By Matthew Broersma, Techworld

Attackers have successfully invaded the accounts of several customers of Dutch bank ABN Amro, despite the bank's use of two-factor authentication.

The bank has compensated four users for funds stolen from their accounts in the attack, the bank said. It said it is pursuing the thieves, and said the robbery was due in part to unsafe PC usage.

ABN Amro is one of the more progressive banks where it comes to adopting new security technologies, and has recently rolled out a biometric identification system for authenticating the voices of telephone banking customers.

Banks argue that two-factor authentication, which combines the use of a token with normal passwords, is necessary for more secure banking. But security experts have long pointed out that such systems are still vulnerable to attack.