There are a couple of recent measures against keyloggers that banks have started using.

One is a “reverse PIN” algorithm. When transferring funds, the customer is instructed to enter the digits of their PIN in a specific order (such as in reverse, or with the third and fourth digits swapped). The bank then reorders the sequence back into the correct PIN on the back end (thanks Catherine).
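The reverse-PIN scheme described above, shown as an added example rather than any bank's or the author's code. It assumes the bank issues a fresh per-transaction permutation of the PIN positions (the "enter it in reverse" or "swap the third and fourth digits" instruction), the customer types the digits in that order, and the back end inverts the permutation and checks the result against a salted PIN hash. The PIN, salt and fixed challenges in the usage section are constructed sample values. The last function shows the property the scheme is meant to provide: the digit sequence a keylogger captures in one session does not verify under a different session's permutation.

```python
import hashlib
import hmac
import secrets
from typing import List, Tuple

PIN_LEN = 4

def make_challenge() -> List[int]:
    """Return a random permutation of PIN positions.
    challenge[i] is the index (0-based) of the real PIN digit the customer
    must type in position i. Uses a CSPRNG (Fisher-Yates with secrets)."""
    perm = list(range(PIN_LEN))
    for i in range(PIN_LEN - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        perm[i], perm[j] = perm[j], perm[i]
    return perm

def describe_challenge(challenge: List[int]) -> str:
    """Human-readable instruction shown to the customer, 1-based positions."""
    return "Enter PIN digits in this order: " + ", ".join(str(i + 1) for i in challenge)

def customer_enters(pin: str, challenge: List[int]) -> str:
    """What the customer actually types, i.e. what a keylogger would see."""
    return "".join(pin[i] for i in challenge)

def unscramble(typed: str, challenge: List[int]) -> str:
    """Back-end step: map the typed sequence back to the real PIN order.
    Rejects malformed input and anything that is not a valid permutation."""
    if len(typed) != PIN_LEN or not typed.isdigit():
        raise ValueError("typed sequence must be exactly %d digits" % PIN_LEN)
    if sorted(challenge) != list(range(PIN_LEN)):
        raise ValueError("challenge is not a permutation of PIN positions")
    pin = [""] * PIN_LEN
    for typed_pos, real_pos in enumerate(challenge):
        pin[real_pos] = typed[typed_pos]
    return "".join(pin)

def store_pin(pin: str, salt: bytes = None) -> Tuple[bytes, bytes]:
    """Store a salted PBKDF2 hash rather than the PIN itself.
    A 4-digit PIN has only 10,000 possibilities, so hashing alone does not
    protect it; the back end still needs attempt limits on top of this."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 50_000)
    return salt, digest

def verify(typed: str, challenge: List[int], record: Tuple[bytes, bytes]) -> bool:
    """Server-side check: unscramble, hash, compare in constant time."""
    try:
        pin = unscramble(typed, challenge)
    except ValueError:
        return False
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 50_000)
    return hmac.compare_digest(candidate, digest)

def replay_of_captured_keystrokes_fails(pin: str, record: Tuple[bytes, bytes]) -> bool:
    """Defender's check: keystrokes captured under one challenge do not verify
    under a different challenge for the next transaction."""
    first = [3, 2, 1, 0]   # "enter it in reverse"            (constructed)
    second = [0, 1, 3, 2]  # "swap the third and fourth digit" (constructed)
    captured = customer_enters(pin, first)
    return verify(captured, first, record) and not verify(captured, second, record)

if __name__ == "__main__":
    sample_pin = "1234"                       # constructed sample value
    record = store_pin(sample_pin)
    challenge = make_challenge()
    print(describe_challenge(challenge))
    typed = customer_enters(sample_pin, challenge)
    print("customer typed:", typed, "-> verified:", verify(typed, challenge, record))
    print("replay under a new challenge fails:",
          replay_of_captured_keystrokes_fails(sample_pin, record))
```

The replay check only holds when the permutation really changes between transactions; if a bank reuses one fixed order, the captured sequence is as good as the PIN. It also does nothing against a keylogger or screen grabber that records the on-screen instruction together with the keystrokes, which is the broader point the post goes on to make.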

Another is having customers enter their information by mouse-clicking on a virtual keyboard (CitiBank uses this). However, we’ve already seen evidence that this can be fairly easily hacked.

Another idea is to tie the password to the website URL at the time of the transaction.

More is needed.  I have seen my fair share of compromised systems.  Authentication is old news.  Banks, right now, need to work with the belief that their customers have had their account information and PINs stolen. 

Alex Eckelberry

