Phishing and Countermeasures in Spanish Online Banking

Abstract

This paper surveys the current situation of phishing attacks in Spain and discuss some of the currently used countermeasures. Based on specialist interviews we estimate the costs of phishing to both individual clients and the banks. The focus of this paper is on authentication and transaction signing methods. We give examples of ”two-factor”and ”two-factor, two-channel” authentication and transaction signing methods that are more resistant to phishing than the currently used username/password + coordinates card method. We consider the costs usability and security of these more robust methods.