Thursday, January 7, 2010

USA Today Posts Follow Up to ABA Warning to Use Separate PC for Online Banking





USA Today said in a follow-up post that "The American Bankers Association's advice to small and mid-sized businesses to only use a dedicated PC for online banking has surprised some tech security experts."



Here's more...



That's because the ABA's public stance has long been that online banking is completely safe and, in fact, makes banking safer since customers do not have to wait for a monthly statement to arrive in the mail to monitor for suspicious activity.  They also benefit from checking their account balances in real time via the Internet.



After reading our story on how cyber-robbers are targeting small business online banking accounts, security consultant Jennifer Bayuk went scrambling to find the ABA's new guidance at the organization's Web site. Bayuk, former chief information security officer at Bear Stearns, could find nothing.



That's because the ABA's latest warning came in response to our initial request that it describe its current position on the safety of online banking, vis-a-vis small organizations.  We asked the ABA to explain why it considers Internet banking safe for smaller firms. Here's the full response from Doug Johnson, Vice President and Senior Advisor for Risk Management:

ABA, along with the financial services community, developed precautions that we have communicated with all member banks. Small- and medium-sized businesses are strongly advised to heed the guidance issued by their banks. The fraudulent transactions represent a very small portion of the millions of safe and successful ACH transactions conducted daily by businesses across the country. However, ABA is actively monitoring the situation and believes that commercial bank customers can safely utilize online banking by taking the precautions outlined in the alert.

The alert he speaks of was issued privately to banks by the Financial Services Information Services and Analysis Center. It warns small and mid-sized organizations never to use a PC dedicated to Internet banking for e-mail or Web browsing. We also asked the ABA to elaborate on the rationale that it should be largely left up to small and mid-sized organizations to take full responsibility for keeping any PC used for Internet banking free of banking Trojans. Johnson's full answer:

Each bank sets its own policy regarding a business customer's liability related to unauthorized electronic transfers. The banking industry is committed to protecting all customers – including businesses – from the fraudulent activities of criminals. Therefore, banks urge business customers to be aware of their responsibility to keep computers used for online banking free of malicious programs. The American Bankers Association has encouraged member banks to distribute to their business customers guidance developed by the FBI and the financial industry on how to guard their computers against unauthorized security breaches. Specifically, ABA recommends that business customers always initiate ACH or wire transfers under dual control, with one person initiating the transaction and another person approving it. Such controls can greatly reduce the risk of unauthorized transactions made possible by a breach of computer security.

"I was actually surprised to see that the ABA put out this type of warning because member banks don't usually publicly address this issue," says Bayuk.



By Byron Acohido










