MRG Effitas, a UK-based independent IT security research company publishes an Online Banking Certification Report every year for the last four years. Since 2013, that single report has been replaced by quarterly assessments.
The main purpose of the report is to show the ability of different products in detecting and blocking various financial malware and keyloggers.
As these two security threats have always been and still are major security issues due to the fact that they purpose is to grab user’s name and password from places that are used for online transactions. Another thing financial malware and keylogger can do is to steal login credentials from popular social networking websites such as Facebook, Twitter, LinkedIn, etc or any other platform you share your private data with.
In this assessment (Q2 2016) they ran the following tests:
- In-the-Wild Real Financial Malware Test – (86 live ITW samples were used)
- Botnet Test – (detection of financial malware such as ZeusVM/KINS, SpyEye..)
- Simulator Test – Powershell keylogger test (Tested of the oldest techniques to steal)
- Simulator Test – (API hooking simulator test)
The below tables show the results and capability of different products tested in the Online Banking / Browser Security Certification Program.