RSA are publishing a report warning of increasing attempts by cyber criminals to intercept online banking SMS messages which are used to authenticate users for online services.
Authentication tokens (normally a randomized six digit number or similar code) sent by SMS are becoming more and more popular. For example, The Commonwealth Bank of Australia claims that 80% of its online customers use their NetCode SMS service for authentication and have recently announced that the service will now be mandatory for “higher risk” transactions. The knock-on effect will be that hackers will increase their efforts to intercept these SMS messages to gain access to online accounts.
This warning comes at a time when it is now possible to eavesdrop GSM phones with cheap off-the-shelf equipment. Of course, a two step authentication process (username/password and then authentication token) is much better than just simple login authentication. However a better and more secure approach is the use of a hand held card reader which in combination with your bank card and PIN generate a unique, one-time code for use during login.
You can read more about this on ZDNet Australia.
