Virtual keypads pose security risk

Several financial institutions, such as Citibank and Nationwide, are using virtual keypads to allow punters to enter their IDs and PINs but, according to a Spanish IT security firm, the systems are wide open to fraud.

The firm, Hispasec Systems, has developed a proof-of-concept Trojan horse application that can install a keylogger on to a users' PC and so record the virtual keypad interactions.

Which is kind of ironic, as these types of keypads were developed to prevent direct data entry snooping.

According to Hispasec, the logger operates in the background on users' PCs, so punters have no idea they've been hit - until their bank account etc., starts being hit by withdrawals.

Bottom line? It looks like no e-banking system yet released is 100 per cent proof against fraud. But I guess you probably knew that already...