ENISA Launches New Position Paper on Security Risks in Online Banking Through European eID Cards

BRUSSELS and HERAKLION, Greece, November 26 - The EU's 'cyber security' Agency, ENISA (the European Network and
Information Security Agency) today presents its new Position Paper. The paper
is focusing on authentication risks with European eID Cards. It analyses 7
vulnerabilities, identifies 15 threats and gives security recommendations.

Major European eID interoperability projects, such as STORK and its
successor ELSA are aiming at a European-wide take-up of new technologies. In
this context, ENISA takes an independent look at the security risks related
to online banking authentication by comparing smart eID cards with other
authentication means in its latest Position Paper (
www.enisa.europa.eu/act/it/eid/eid-online-banking/).

Online banking in one of the most widely-used electronic services by
European consumers. It is a strategic service for financial institutions and
users. With 24 hour service availability, it is extremely convenient. It is
often without any extra costs; or even at reduced costs compared to
traditional banking processes. However, online banking fraud is on the rise.
Thus, security is a major concern both for online banking, e.g. tax
declarations. The report also includes a case study on privacy issues when
authenticating with smart cards to online social networks.

The Agency report explains that because more and more internet
applications require authentication, more standardized approaches to user
identification and authentication are needed. In Europe, several states have
already rolled out electronic ID cards. The first steps when we use internet
services are usually to identify ourselves by our names and then authenticate
that it is us. The security levels for these steps can vary from a simple
combination of username, password, through a secret PIN, to credentials
generated by some external device or a smart card using cryptography. Smart
cards are increasingly being used for authentication purposes. Many European
identity cards contain a smart-card chip, with functionalities for online
authentication.

The ENISA Position Paper defines a comprehensive list of requirements for
national ID cards to ensure that they become as flexible and as multi-purpose
as possible.

The Executive Director of ENISA Dr Udo Helmbrecht concludes: "Electronic
identity cards offer secure, reliable electronic authentication to Internet
services, but banks and governments must cooperate better to be able to use
national eID cards for banking purposes."

Download the full report
( www.enisa.europa.eu/act/it/eid/eid-online-banking/ ).

For interviews: Ulf Bergstrom, Press & Communications Officer, ENISA, press at enisa.europa.eu, Mobile: +30-6948-460143