You are on page 1of 1



Combating security threats online

Canadian banking industry invests in infrastructure to keep clients’ information secure on the Web
Tips for online

nline banking clients are a
potential target as increas-
ingly sophisticated Internet
banking clients
attacks aim to grab critical Here are some tips from the experts on
financial information. how online banking clients can protect
Today’s attacks are taking place themselves against phishing attacks —
more frequently and faster than ever phoney e-mails that attempt to extract
before. Banks and other protectors of valuable personal financial information.
sensitive online information now face
threats from so-called “zero-day” ■ Be aware that authentic banks will nev-
attacks, says George Kerns, president er request that their clients divulge per-
and chief executive officer of Fuse- sonal information, such as account num-
point Managed Services Inc., a man- bers and passwords, in an e-mail.
aged IT solutions provider headquar- ■ Authenticate the website you are going
tered in Mississauga, Ont. to is genuine by verifying that it has a
“The whole point of a zero-day secure sockets layer (SSL) certificate.
[attack] means that within 24 hours of ■ Never click on a link in a suspicious e-
most things being known, they’re mail. Instead search out an official bank
exploited. [Consequently], there’s
very little time to be able to fix it
URL site via your browser bar.
before there’s some kind of impact.” ■ Never download an attachment from a
The banking industry in Canada suspicious e-mail. It may consist of a
devotes substantial time, effort and virus or spyware.
money to combat such threats, stress- ■ Contact your bank immediately if you
es Maura Drew-Lytle, director of suspect somebody has tried to emulate
media relations and communications them online.
with the Canadian Bankers Associa-
tion (CBA) in Toronto. Often such correspondence
According to the CBA, clients of the involves urgent requests for banking
six largest Canadian banks alone — clients to validate their credentials or
RBC Royal Bank, BMO Bank of Mon- register for a type of service when
treal, TD Bank, Scotiabank, CIBC and MALCOLM TAYLOR/CNS they log onto a false site with their
National Bank of Canada — went Stewart Wolfe, KPMG LLP’s leader of security services for the Greater Toronto area, says online banking user name and password, so perpe-
online to record nearly 394 million customers need to arm themselves by becoming aware of the security threats they may face. trators can capture the sensitive per-
financial transactions in 2007. In 2006, sonal information needed to commit
those same banks spent a total of $4.4 information security officer at BMO, ed personalized questions to make tion attempts,” Wolfe adds. further crimes, adds Wolfe.
billion on their technology infra- says the enhanced sign-in features sure that it is indeed the client who is This is one reason why additional “A bank will never send you an e-
structure; between 1996 and 2006, include a personalized graphic and attempting to sign on, explains Dunn. protection, such as a secure sockets mail asking you to verify your per-
inclusive, they invested $37.6 billion. customized phrase users select to But firewalls alone don’t provide layer (SSL) certificate issued by an sonal information,” says Drew-Lytle.
“The banks have a lot of personal appear after they enter their card enough security. While a firewall can authorized third party to certify that “They already have it.”
financial information on their cus- number. This graphic and phrase act as an infrastructure layer to try to a web server belongs to the company Consequently, it’s essential for users
tomers, so they understand that pro- combination helps identify the web- prevent unauthorized access for cer- it purports to be is essential. Such cer- to authenticate that the website they
tecting that is certainly one of their site’s authenticity, after which the user tain services, “most hackers today tificates include 128-bit encryption. enter is genuine, and never give out
most important jobs,” says Drew- can sign in with their personal identi- break into the web applications,” Customers can also arm themselves sensitive financial information unless
Lytle. “The banks are always imple- fication number. This works two which in an online, worldwide bank- by becoming aware of the threats they they are certain it is. The best way to
menting new security procedures” to ways: “It gives the customer a confi- ing environment allows them to more may face and what to do about them. do this, Wolfe says, is to verify the SSL
ensure customer safety, she adds. dent feeling they are at a legitimate easily bypass firewalls, says Stewart Phishing attacks, for instance, are a certificate by clicking on the lock dis-
BMO Bank of Montreal, for instance, website” and also provides the bank Wolfe, KPMG LLP’s leader of security prime example of a malicious attempt played by the Internet Explorer
offers clients a number of protective with assurance the customer is who services for the Greater Toronto area. to exploit banks and their customers. browser. A lock icon will appear when
measures. These include enhanced they purport to be, she notes. “Although application layer fire- The idea of a phishing e-mail is to get the address prefix in the browser bar
sign-in security to help prevent unau- BMO also monitors sign-in pat- walls provide a level of protection, the users on to a so-called “spoof site” changes from http to https.
thorized account access, multiple lev- terns. If, for instance, a person signs secure coding of applications from that mimics the appearance of an If clients are contacted by some-
els of firewalls, and 128-bit encryption on to their account away from the initial development to production authentic site, says Darrell Mac- body phishing for information illegal-
to ensure the safety of data passing computer site they normally transact release is key to providing Internet Mullin, country manager for PayPal ly, they need to contact their bank
between parties, among other features. from, the bank will prompt them with banking web applications that are Canada, an online payment solutions immediately, the experts say.
Lee Dunn, vice-president and chief a series of supplementary, pre-select- more resistant to malicious penetra- provider in Toronto. For Canwest News Service

Never fear,
safer Internet
is here.

Social media advocate Ben Watson cautions that social network users, such as his 14-year-old
son Sawyer, need to be wary of what private information they post online.

Social networking online

comes back to bite users
BY JULIE BEUN-CHOWN with the Internet as their play- what we put out there,” says Wat-
ground, such as 18-year-old son, who has a 14-year-old son,
It’s the kind of story usually K ayl e i g h K r i s t i a n s e n , s u c h Sawyer. “It’s not that people don’t
dismissed as urban legend — but actions are akin to a stranger loi- have embarrassing moments, but
this time, it’s true. tering at the gate. “People my age neither should we record them
In June, 20-year-old Joshua Lip- aren’t worried about privacy and share them with the world.”
ton was found guilty over a issues, because we’re so used to It’s a point made more
drunk driving incident that seri- having everything about our- poignant by that fact that every
ously injured another driver. selves on the Internet. But it’s post, uplink and video added
That he was charged wasn’t being turned around on us. We leaves a permanent Internet fin-
surprising. What was shocking use social networking to express gerprint that can be impossible
was that the prosecutor in the ourselves,” says the student from to erase, says Riel Roussopoulos,
case found an incriminating Oromocto, N.B., “and the fact that CEO of the Vancouver-based
Facebook picture of Lipton at a employers or the police will use Internet marketing and develop-
Halloween party held two weeks that against us is detrimental.” ment company IXLD Media Inc.
Get the most secure High Speed access. after the accident, showing him
dressed as a jailbird and sticking
It’s the price we will continue
to pay for the Age of Internet,
“This is critical,” he says.
“Young people are not thinking
Feel invincible online with the most comprehensive suite of security services. Protect your out his tongue. In court, the says Ben Watson, a social media about the fact that, 20 years from
prosecutor offered it as evidence advocate who has worked on net- now when they’re a CEO, a video
personal information with our Firewall and Anti-Spyware, automatically detect and delete of Lipton’s unrepentant ways. working for giants like Yahoo, they posted of themselves danc-
harmful viruses with Anti-Virus software, and rest easy with added security features like The judge concurred and gave Microsoft and Adobe, and is cur- ing drunk at age 18 will pop up on
the Rhode Island man a two-year rently vice-president of market- YouTube, with the 1,100 mes-
Parental Control and Anti-Fraud. Best of all, there’s no extra cost. sentence. ing for the Ottawa-based start-up, sages it accrued in the ensuing
It wasn’t the first time person- Overlay.TV. years. You may take it down, but
al content on social networking While he admits the potential if it’s been patched and replicated
Add High Speed to a bundle and save over 15%.* sites such as Facebook, MySpace, collision between social network on other sites, it’s impossible to
YouTube, Bebo and even blogs users and those who would use delete forever.”
have been used by employers, their online revelations against It’s a situation that begs for def-
police and institutions to keep them grows daily, the responsi- inition between public and pri-
tabs on individuals and take bility ultimately lies with mem- vate lives, he adds. “Now, it’s not
action against them. In March, a bers themselves. just celebrities who are subject to
Ryerson University professor “The Internet is an echo cham- public scrutiny, but everyone.
accused an 18-year-old computer ber that amplifies your voice and Our privacy is being eroded dai-
engineering student of cheating everything you do, times 100. So ly, period. That’s what the Inter-
for administering a Facebook if you’re an idiot, it’s no longer net is, and it’s changing the
Call 310-1144 or visit or your nearest TELUS authorized dealer. study group for his course, and just your neighbours, but the dynamic between public and pri-
gave him an F. world that knows it. We absolute- vate information.”
*Offer available until November 3, 2008 to residential clients in select locations who have not subscribed to TELUS High Speed Internet services in the past 90 days. Minimum system requirements
apply. Regular bundle rate starts on month 13. © 2008 TELUS.
For the generation brought up ly need to be more careful about For Canwest News Service