FDIC: Hackers took more than $120M in three months
IDG News Service - Ongoing computer scams targeting small businesses cost U.S. companies $25 million in the third quarter of 2009, according to the U.S. Federal Deposit Insurance Corporation.
Online banking fraud involving the electronic transfer of funds has been on the rise since 2007 and rose to over $120 million in the third quarter of 2009, according to estimates presented Friday at the RSA Conference in San Francisco, by David Nelson, an examination specialist with the FDIC.
The FDIC receives a variety of confidential reports from financial institutions, which allow it to generate the estimates, Nelson said.
Almost all of the incidents reported to the FDIC "related to malware on online banking customers' PCs," he said. Typically a victim is tricked into visiting a malicious Web site or downloading a Trojan horse program that gives hackers access to their banking passwords. Money is then transferred out of the account using the Automated Clearing House (ACH) system that banks use to process payments between institutions.
Even though banks now force customers to use several forms of authentication, hackers are still stealing money. "Online banking customers are getting too reliant on authentication and on practicing layers of controls," Nelson said.
That's bad news for businesses, which are increasingly on the hook for any losses.
"Commercial deposit accounts do not receive the reimbursement protection that consumer accounts have, so a lot of small businesses and nonprofits have suffered some relatively large losses," Nelson said. "In the third quarter of 2009, small businesses suffered $25 million in losses due to online ACH and wire transfer fraud."
That's led to some nasty legal disputes, where customers say the banks should have stopped payments, and the banks argue that the customers should have protected their own computers from infection.
Often small businesses do not have the controls in place to prevent unauthorized ACH payments, even when their banks make them available, Nelson said. "Hackers are definitely targeting higher-balance accounts and they're looking for small businesses where controls might not be very good."
The FDIC's estimates are "reasonable," but they illustrate a problem that is becoming too expensive for banks and businesses, said Avivah Litan, an analyst with Gartner. She said that attacks that install a password-stealing botnet program, known as Zeus, have increased so far in 2010, so those losses may be even higher this year.
- Google I/O 2013's Coolest Products and Services
- 10 Star Trek Technologies That are Almost Here
- 19 Generations of Computer Programmers
- 25 Must-Have Technologies for SMBs
- A walking tour: 33 questions to ask about your company's security
- 15 social media scams
- The 7 elements of a successful security awareness program
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Federal IT Innovation Caught in a Catch-22
- Fed resources shoring up old infrastructure, holding back new technologies.
- Edison Group: Stepping Up to the Next Generation: The Business Value of Upgrading from HP EVA Storage to 3PAR StoreServ Storage
- HP EVA Storage users who face performance and scalability tradeoffs should consider an upgrade to 3PAR StoreServ Storage, powered by Intel Xeon processors.
- Taneja Group: Ensuring Business Continuity of SAN Storage with the HP 3PAR StoreServ 7000 Family
- Built from the ground up with business continuity in mind, Taneja reviews the HP 3PAR StoreServ 7000 array, powered by Intel Xeon processors,...
- ESG: The Business and Operational Benefits Achieved With HP StoreVirtual 4000 Storage
- Learn how HP StoreVirtual, features deliver time and resource savings, faster recovery capabilities, reduced outages and an impressive and quantifiable ROI.
- HP 3PAR StoreServ Storage for SAP Systems
- This technical paper describes tests that HP performed to demonstrate the benefits and capabilities of an HP 3PAR solution resulting in a high-performing,... All Government IT White Papers
- 3 Reasons Why Sepaton is the World's Fastest Backup Solution
- Leading analyst, Storage Switzerland learns how Sepaton backs up and deduplicates massive data volumes while maintaining the industry's fastest performance - all in...
- Enterprise File Sharing: All You Need to Know
- Security. Scalability. Control. These are just some of the many benefits of enterprise cloud file-sharing that you'll discover in this KnowledgeVault, packed with...
- Bridging HTTP and FTP with FileXpress Internet Server
- What if you could take an FTP server on your internal network, and allow external users (partners or customers) to securely access it...
- MFT and FileXpress - An Overview
- Business users and applications exchange files on a regular basis. File transfer is a core part of the flow of business activity.
- Content Analytics: Big Data Conquered, Customer Service Elevated
- For organizations looking to start a content analytics program or improve their existing capabilities, Aberdeen Group and IBM will lay out several recommendations... All Government IT Webcasts