From: "Sean Donelan" <sean@donelan.com>
Unfortunately there are a lot, and growing number, of self-infected PCs on the net. As the banks point out, this is not a breach of the bank's security. Nor is it a breach of the ISP's security. The user infects his PC with a trojan and then the criminal uses the PC to transfer money from the user's account, with the user's own password.
Banks use passwords for authentication? That's what scares me. Personally, I find it terrifying that banks allow such weak authentication as a password for financial transactions. To the best of my knowledge, all banks around here use a smartcard based system. It might be a bit more inconvenient, but the added security makes it well worth it, in my opinion. It may not be a breach of the bank's security as such, but the measures they take in order to protect their customers' money is in my opinion so low that, IMHO, they are the ones guilty of negligence. -Kandra