HSBC is upgrading the security of its online banking with an improved digital-validation certificate, which confirms that the information users are sending is going to the bank and not a phishing site.

Customers using the online banking site will notice the address bar of their browser turn a “reassuring green” when the site is legitimate, explained HSBC senior manager for group IT security, Barry Jones.

“It confirms that any personal information they supply on that page will go directly to HSBC and no one else,” he said.

HSBC is the latest high street bank to upgrade its online security following suggestions that the introduction of chip and pin card technology has diverted the attention of fraudsters from card duping to other potential areas of fraud, notably phishing and ‘card not present’ transactions.

Chip and pin cards, now standard in the UK, prevent fraudsters from producing counterfeit cards using stolen credit card details, however these details can still be used in online or overseas transactions in countries where the authentication technology has not been implemented.

The total cost of online fraud to the UK economy is hard to estimate because banks are reluctant to reveal the scope of the losses, but a government-sponsored study by PricewaterhouseCoopers found the amount could be as high as £6 billion pounds.

Meanwhile, UK payments association APACS (Association for Payment Clearing Services) reported a 25% increase in card fraud last year following a two year fall, to an estimated £535 million. It attributed the rise to a 70% increase in fraud originating from overseas.

“‘Card-not-present fraud’ is a major problem which is not going away and is getting worse as criminals increase their efforts to steal from retailers," said Paul Simms, CEO of credit card fraud prevention company The 3rd Man at last week’s Infosec conference in London.

The key to preventing card-not-present fraud is behavioural analysis, Simms explained, but that this was not a cure.

“Behavioural analysis detects around 80% of all attempted frauds, but retailers can be stung by exactly the same fraud committed with another retailer,” said Simms.

Technology expert in the House of Lords, Lord Erroll, also present at the conference, observed that “technology alone isn’t going to protect people.”

“There will be people who do things wrong and are stupid and get conned,” he said.

Growing concern over information security is fuelling the market for security software, which is expected to reach $10.5 billion worldwide this year, an 11.2% increase on 2007, according to research firm Gartner.

Principal research analyst Ruggero Contu said security spending is driven by a variety of pressing concerns, “the most immediate of which is the need to 'keep the bad guys out' through defensive measures such as next-generation firewalls.”

“However, the 'let the good guys in' discipline, such as identity and access management, is where business benefits and returns on investment can be more clearly shown,” he said.

Further reading:

Lawsuit casts doubt over safety of chip and PIN A well-placed source at a major high street bank told Information Age that banks have long known of the problems regarding chip and PIN technology.

PCI: Plastic pain IT and compliance chiefs are questioning the simplicity of the new PCI payment card security standard.

Find more stories in the Security & Continuity Briefing Room