Before there was phishing there was keylogging. Rember the controversy in South Africa a year ago? Turns out keylogging may be harder to contain than phishing. An article in today’s Wall Street Journal discusses the case of Robotector who unleashed a virus that captured usernames and passwords when victims logged into to any of 30 major banking and payment sites.

What’s a bank to do? There are lots of ways to fight the cyberthieves, but the most important one is to add an additional layer of authentication for moving money out of the bank. We’ve been recommending this for nearly 10 years, but it’s been a low priority due to the relatively low levels of losses experienced online. Well, the times have changed, and it’s time to make authentication a top priority for 2005, or earlier if you can work it into the budget. In the meantime, keep educating users and crossing your fingers.

See Online Banking Report for more details on fighting phishing and other security problems.