On May 31, 2011, “Kassensturz”, a popular consumer magazine on Swiss TV, will look into e-banking systems as offered to customers of Swiss banks. Members of the CSG participated in evaluating the usability and security of e-banking systems of Migrosbank, UBS, Raiffeisen, Berner Kantonalbank and Postfinance. Due to the legal situation in Switzerland, a security evaluation – in this case tantamount to a limited penetration test – could only be carried out with the explicit consent of the banks concerned.
In our security evaluation we mimicked a real case of an e-banking fraud attempt, in which an ongoing session of an e-banking customer was hijacked by cyber-criminals. The hijackers managed to initiate a transfer of a five-digit amount to an account presumably under their control. Ultimately, the off-line anti-fraud system of the bank detected the anomaly and blocked the attempted scam.
On behalf of Kassensturz we investigated to what extent the e-banking systems under test are vulnerable to the same type of session hijacking as in the real case. The results vary significantly.
Don’t miss “Kassensturz” on May 31st, 21:05 hours, Swiss TV SF1. http://www.kassensturz.sf.tv/
In case you missed it: «Kassensturz» hackt E-Banking-Konten