Banking Industry Continues Its Fight Against Cybercrime

Sue Marquette Poremba

As I was reading some older articles here, I came across this piece by Susan Hall, where she wrote:

A new class of malicious software is directed at online security technology implemented by Bank of America and other financial institutions, reports Washington Post blogger Brian Krebs.
It thwarts the "site key" technology designed to prevent theft of user names and passwords from a victim's computer. The unique picture upon log-in is supposed to assure users that it's not a fake site, but hackers' technology has allowed them to steal the "site key" and store it with the user's sign-in information.

The article is from 2007. Nearly three years later, banks continue their uphill battle to fight hackers and other cyber bad guys, especially as e-banking transactions for both consumers and business increase. In fact, in those three years, cases of cyber attacks and fraud have been on the rise. According to the FDIC, in the third quarter of 2009, hackers stole $120 million. Small businesses are also being hit by the increase in banking cyber crimes, but their commercial deposits aren't covered by the same protections as consumer accounts.

 

In his ComputerWorld article, Jaikumar Vijayan wrote:

Thieves obtained a business's valid banking log-in credentials by illegal means. The hackers used the stolen credentials to send money from the accounts to overseas bank accounts via wire transfers.
Banks, by and large, have mostly contended that the thefts occurred because the victims failed to adequately protect their banking credentials.

The increase in bank crimes is due to the rise in password-stealing botnets like Zeus and more sophisticated attacks. Vijayan's article addresses the need for improved monitoring and authentication tools.

 

Steps are being taken. Security vendor Trusteer recently introduced its Flashlight service, which will enable bank security officials to more quickly identify malicious software programs used by customers. In a PCWorld.com article, Jeremy Kirk wrote:

The scenario under which Flashlight would be used is if a customer calls a bank to check on a possible fraud. The fraud investigation team would ask the person to install Flashlight, which can detect if the browser has been previously tampered with. The customer would be asked to send a log report, which can then be analyzed while the customer is on the phone.


Add Comment      Leave a comment on this blog post
Dec 10, 2010 11:25 AM Aaron Aaron  says:

With continuously advancing consumer-focused banking technologies, cyber hackers continue to up their game as well.  In addition to targeting consumers, hackers are also focusing on compromising the security of the banks themselves.  The need for a comprehensive enterprise-wide information security and protection strategy for even the smallest community banks has never been more vital.  More of our customers than ever have really been emphasizing this across all branches.  Any other bank tech vendors out there seeing this too with their customer base?

Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

null
null

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.