The Bankwatch blog has a quick note on how two-factor authentication and tokens are perceived as being synonymous, when in fact technology such as PassMark can provide the second form of authentication required to really judge the authenticity of a person performing a transaction.
Even better, though, the post points to an easy-to-read paper by Ross Anderson, Professor of Security Engineering at Cambridge University. The paper talks not only about the different types of scams, like phishing, but also about the importance of internal controls within financial services organizations, which front-end technical security supplements.
These forms of authentication are the first line of defense, and it seems that those banks with poor internal controls typically become the focus for online fraud. Because there is a much lower risk to the criminal that such a bank will either notice a problem or be able to recover assets, the effort to get around the primary security is more likely to be rewarding. Cyber-crime moves to the easiest target. And when this becomes newsworthy, customers get the impression that their investment is not being well protected. Brand damage is a high price to pay when people trust you with their money.
A post from the Improving New Account Opening blog