
How to protect your banking online

Practical steps to defend your transactions


The rise in the popularity and pervasiveness of online banking over the last decade has been meteoric. The power of convenience has largely trumped customer fears about security, but there are signs that the tide may be turning. Perhaps exacerbated by the global recession and shocks to the financial markets, cybercriminals have been targeting business bank accounts with increasing frequency over the last year, catapulting the conversation about online banking security into corporate realms. With cybercriminals readjusting their focus from individual to much more lucrative business accounts, this disturbing trend is now getting the attention of authorities such as the FBI, FDIC, and Department of Homeland Security, and has been described by many as a leading cybercriminal trend for 2010.

Particularly because employers are increasingly liable for these incidents, with Regulation E of the Federal Electronic Funds Transfer Act not protecting business accounts as it does for individuals, businesses must reexamine their online business banking practices to proactively protect themselves from such attacks and the associated potential monetary losses. Banks, too, must amplify their security practices to combat the tactics cybercriminals are now using to perpetrate this type of fraud.

Business banking attacks on the rise

Consider that in a single month this past August, no less than the FDIC, NACHA (the Electronic Payments Association), the Financial Services Information Sharing and Analysis Center (FS-ISAC) and IT advisory firm Gartner all published alerts about rising Internet threats to business banking.

The following month, the Senate Committee on Homeland Security and Governmental Affairs held a special hearing to discuss cybercriminals targeting small- and medium-sized businesses. New protective cybersecurity legislation has been introduced. Reports of victimised businesses continue to inundate the media into 2010, with several companies even suing their banks.

The losses are substantial. The Washington Post reported that recent victims include a school district that lost $700,000 and an electronics testing firm that lost $100,000. One of Guardian Analytics' customers recently intercepted an attempted ACH transfer of $800,000 for a business banking customer in a scheme involving more than 80 smaller transactions arranged to be sent to unwitting mules. For many small- to medium-sized businesses, these types of losses are catastrophic and can potentially mark the beginning of the end if banks refuse to reimburse them.

Cyberfraud schemes becoming highly sophisticated

Cybercriminal activity is constantly evolving to capitalise on new profit streams. In the case of business banking, by stealing in amounts under $10,000 from business accounts, online fraudsters have managed to avoid triggering traditional fraud alerts. The malware used to initially gain access to accounts is often so well written that the connection comes from an authorised and authenticated computer—a legitimate computer and session that has been hijacked—circumventing even token-based authentication. The money is then transferred to "money mules," often recruited over Internet job boards, who unwittingly help fraudsters while believing they work for a legitimate company.

The use of electronic funds transfers—such as the increasing volume of automated clearing house (ACH) transactions for corporate payments—is making this channel a particularly attractive target for fraud. Historically low risk, the ACH network has recently expanded to include more participants and new types of non-recurring payments such as web-initiated ACH files. Over the past year, the FDIC has reported an increase in the number of reports and the amount of losses resulting from unauthorised transfers from business customers whose online business banking software credentials were compromised. A JP Morgan study found that 71 percent of financial institutions experienced attempted or actual payments fraud in 2008. This number jumps to 80 percent for firms with revenues of more than $1bn.

Corporate account takeovers employing ACH fraud are becoming more prevalent. Criminals are targeting corporate cash management accounts and moving money out via seemingly innocent consumer accounts. The crook starts by stealing user IDs and passwords of cash management account owners, and by signing up random consumers via phishing attacks. The offer asks them to accept money into their accounts and then transfer it to the criminal's offshore account while retaining a five percent commission. Clever social engineering techniques in their phishing e-mails get consumers to sign up. After the groundwork has been laid, the crook simply goes into the corporate cash management account and transfers funds, using ACH fund transfer facilities, out of the corporate account to the phished consumer accounts. The victimised commercial banks generally fail to recover the stolen funds.
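The pattern described above, many transfers each kept under the $10,000 alert level and sent to payees the business has never paid before, can be caught by aggregating per account over a time window rather than judging each transfer alone. The following is an added example, not code from the article or from any vendor it names; the window, aggregate limit, payee count, account names and sample transfers are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

PER_TXN_ALERT = 10_000         # per-transfer level the article says fraudsters stay under
WINDOW = timedelta(hours=24)   # assumption: look-back window
AGG_LIMIT = 25_000             # assumption: aggregate that warrants review
MIN_NEW_PAYEES = 3             # assumption: distinct first-time payees

def flag_structured_transfers(transfers, known_payees):
    """transfers: time-sorted (timestamp, account, payee, amount) tuples.
    known_payees: account -> set of payees with an established history.
    Returns one (account, timestamp, window_total, new_payee_count) per account."""
    recent = defaultdict(deque)   # account -> sub-threshold transfers to new payees
    alerted, alerts = set(), []
    for ts, account, payee, amount in transfers:
        # Large transfers are left to the per-transfer rule; established payees are ignored.
        if amount >= PER_TXN_ALERT or payee in known_payees.get(account, set()):
            continue
        window = recent[account]
        window.append((ts, payee, amount))
        while ts - window[0][0] > WINDOW:      # drop entries older than the window
            window.popleft()
        total = sum(a for _, _, a in window)
        new_payees = {p for _, p, _ in window}
        if (total >= AGG_LIMIT and len(new_payees) >= MIN_NEW_PAYEES
                and account not in alerted):
            alerted.add(account)
            alerts.append((account, ts, total, len(new_payees)))
    return alerts

# Constructed sample data (not real accounts or transactions).
T0 = datetime(2010, 1, 4, 9, 0)
KNOWN = {"ACME-OPS": {"PAYROLL-VENDOR"}}
SAMPLE = [
    (T0, "ACME-OPS", "PAYROLL-VENDOR", 42_000),               # established payee
    (T0 + timedelta(minutes=10), "ACME-OPS", "payee-A", 9_500),
    (T0 + timedelta(minutes=25), "SCHOOL-GEN", "payee-X", 4_000),
    (T0 + timedelta(minutes=40), "ACME-OPS", "payee-B", 9_200),
    (T0 + timedelta(minutes=70), "ACME-OPS", "payee-C", 9_800),
    (T0 + timedelta(minutes=95), "ACME-OPS", "payee-D", 8_900),
]

if __name__ == "__main__":
    for account, ts, total, n in flag_structured_transfers(SAMPLE, KNOWN):
        print(f"{ts:%Y-%m-%d %H:%M} {account}: ${total:,} to {n} first-time payees")
```
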




FChaffin said: Great article. I think every business owner should read this. I am recommending it to all my clients.
