Hackers Zero In on Online Stock Accounts
It's been only a question of time:
Hackers have been breaking into customer accounts at large online brokerages in the United States and making unauthorized trades worth millions of dollars as part of a fast-growing new form of online fraud under investigation by federal authorities.
(washingtonpost.com in Hackers Zero In on Online Stock Accounts)
Maybe using proprietary client software for that kind of application is not a bad idea after all. It will need to communicate with the server over some kind of remoting protocol, but that communication can be encrypted.
There is another problem:
One way is by placing keystroke-monitoring software on any public computer in a library, hotel business center or airport.
Probably the login for such a critical application should require an external device where the user enters a PIN or a key of some kind. German banks have been offering such a solution for home banking, but unfortunately not a lot of people were willing to buy the devices. Another drawback is that the user won't have access to his account on the road unless he carries a laptop and the device. But a little inconvenience is better than losing a large amount of money.