The Anatomy of A Cyber Crime
According to Consumer Reports, Cybercrime has cost U.S. consumers more than $7 billion during the last two years*. One alarming trends is the latest targets, the perpetrators are looting the online accounts of school districts, municipalities, churches, and mostly small to mid-sized companies. More alarming is the fact that these types of online commercial bank accounts are not protected by any U.S. Federal regulation. Most commercial/business account holders simply ASSUME that the bank or a federal law covers their financial losses. This is not true.
These cyber looters are traceable, however, the effective thieves are nestled on foreign soil, specifically, Eastern Europe. Many of these cybercriminals are part of organized crime cartels and, due to the holes within our computer programs, and the actual computer code, hacking banks with minimal security barriers, is as easy as, ‘Shooting Fish in A Barrel”.
The common fraud schemes
- MALWARE such as ZeuS or Z-bot – criminals infect the business computer(s) with undetectable programs, one ploy the ‘Trojan Horse’ comes in the form of an email that entices the use to click on a link or an attachment. Once you ‘click’ on the deceptive link, a malware program is loaded on your computer. The malware has the ability to ‘turn on’ once you visit an online banking site. Thereby the users’ username and password are stolen.
- “Phishing” attacks – this method deceives the account user through email ‘look-alikes’. They email message mimic the users’ bank, and a link will take the user to a website that is identical to the online banking URL. If unaware, the users inadvertently reveal sensitive information such as their username and password. In a 2004 MSNBC article, over 2 million Americans had their bank accounts raided by criminals through deception.
- Banks Information Systems Breached – Log-in credentials stolen. There has been a rampage of data breaches; banks claim these breaches relate to credit card fraud rather than online banking fraud, such was the case in 2009’s biggest breach, when Heartland Payment Systems lost 130 million credit/debit cards to hackers. However, customers’ username and password are also a target. Visit http://www.bankinfosecurity.com for more information.
- “Man in the Browser” – this newest thieving process intercepts actual transactions from the customer to the bank. The thief manipulates wire transfers while in progress, changing the wire’s dollar amount as well as the payee. The only way to avoid this virus, on a bank-security level, is to utilize transaction verification, since this technique makes it appear as though your transaction went through as processed by YOU, but the “man in the browser” will alter the information actually received by the bank. Out-of-band authentication would defeat this threat.
Changing your password periodically is common scene, and there are anti-virus, spyware and malware products you can buy and install on your PC. However, it’s hard for a business owner to become a cybercrime expert and stay ahead of the criminals.
As crafty and clever as these above-mentioned violations appear, there are solutions available directly to the banks; third-party software solutions can remedy much of the online banking fraud and protect your account. The technology exist that can stop much of the cyber-looting.
Why not plug these leaks?
While many banks have adopted multi-layered security deterrents, it’s a fact, many more banks, and/or their outsourced security providers only use minimal online banking security measures because new technology cost money.
Currently, many banks cry ‘identity theft’ when an account is looted, this loophole allows them to negate responsibility and place the blame on the account holder’s unsuccessful passwords choices. However, not all theft can be traced to the user, as noted above.
Besides, the bank offers the service, not simply for the users’ convenience, but because online banking saves banks millions of dollars in operating expenses.
Ultimately, if Federal Regulation E were extended to cover commercial/business accounts, then banks would tighten security, since they would become responsible to cover the losses, and the business owner would not fall into peril after becoming an unsuspecting target.
After all, if an armed assailant came through the bank’s front door demanding money, the bank would be responsible for the loss. It is bank robbery.
Find out more about FEDERAL REGULATION E.