Friday, February 5, 2010

Featured Post: How Dangerous is Online Banking?...asks MSN Money

I have blogged about the inherent dangers of online banking for some time now. Here is a great article from MSN Money wondering just exactly...



How Dangerous is Online Banking?




By Carolyn Salazar, MSN Money


Joe Lopez will never forget the day he checked his Bank of America account online and realized that more than $90,000 had vanished.



Months before, the Miami business owner had stopped making weekly visits to his local branch, opting instead to conduct his financial transactions entirely over the Internet.



"I absolutely thought it was safe," Lopez said. "And it was convenient."

What he didn't realize were the risks.




A malicious virus had infected his computer and, in a matter of minutes, captured his user name and password -- allowing a hacker to transfer $90,348 to a rogue overseas account.



Lopez got most of his money back months later, after a federal investigation and, eventually, a lawsuit. But his experience taught him the hard way, he says, what many experts have concluded: "Online banking is a danger."



Since its debut just a decade ago, online banking has become one of the fastest-growing Internet activities. Roughly 43% of people who use the Internet, or about 63 million Americans, do some banking there, according to a 2006 survey by the Pew Internet & American Life Project -- even more than make travel reservations online.



But that growing popularity has also brought increasing anxiety over whether something as private and personal as a bank account can be fully protected in the relatively unregulated and unpoliced world of the Internet.



"It's pretty hard not to do online banking because it is so convenient, and people want convenience," said Atul Prakash, a University of Michigan researcher who conducted a study on the risks of Internet banking. "Nevertheless, there are reasons to worry."



Mia Jozwick, a student at Wagner College in New York City, was duped by a “phishing” e-mail made to look like a message from her bank. Thinking it was an important financial notification, Jozwick responded by firing off her user name and password; she learned it was a scam only after someone emptied her account.





To make matters worse: Thieves were also able to steal her identity, because her password was her Social Security number. It took her a year and help from Identity Theft 911, a service agency, to unravel the mess she found herself in.



"It was a nightmare," she said.


Since the birth of electronic commerce, financial institutions have stepped up online security measures to try to make the process less vulnerable to attacks.



Some have spent millions (on band-aids) adding more layers of authentication, toughening encryption schemes and going after and shutting down bogus bank sites.


But that hasn't stopped hackers, who continue to look for ways to exploit security gaps.



Among the most popular attacks are phishing schemes that duplicate bank Web sites and ask customers to log on to their accounts. Others send e-mails, purportedly from bank employees, asking for sensitive financial information. Often the two work in tandem, with an e-mail containing a link that directs recipients to a bogus bank site. Both scams are designed to steal user IDs and passwords as a customer types them in, giving a cyberthief access to the person's financial accounts.



Other cyberthieves embed viruses, spyware or "Trojan horses" -- programs that can give thieves unauthorized access to a computer by recording and sending out a user’s keystrokes.



These programs allow thieves to look over your virtual shoulder as you type in sensitive financial information. Within seconds, your savings and checking accounts, even your investments, could disappear.



How big a problem are we talking about? The numbers are tough to pin down: 



Experts say there are no reliable studies showing how much money is lost through online banking alone, primarily because banks themselves can't always pinpoint the source of how a crime occurred, whether on the Web or through an ATM. (Note: "from skimmers and hidden camera's")



But various reports offer hints at the magnitude. For instance, about $3.2 billion was lost to phishing attacks in 2007, according to a survey by Gartner, a technology research firm -- with about 3.6 million people losing money to these attacks over 12 months.



"It's a huge business," said Graham Cluley, a senior technology consultant at Sophos, a spam-fighting security firm. "The scammers are literally making millions, and they can be based anywhere in the world."





And the attacks are increasing.



Take the so-called Sinowal Trojan, a virus that injects what seem like legitimate pages on someone's browser, then steals the user's log-in credentials. In probably one of the largest online banking breaches known to date, the virus has compromised 300,000 online bank accounts and about 250,000 credit and debit card accounts over the past three years, according to a study published in October by California's RSA FraudAction Research Lab -- with more than 100,000 online bank accounts hit in the past six months alone.



And there are thousands more Trojans out there, many of them specifically targeting online banking customers.



"There is definitely more risk than there was one or two years ago," said Avivah Litan, a Gartner analyst.





She said her clients have told her they've noticed the assaults have doubled in the past six months: "The attacks are so vociferous and manipulative that even the big banks can't stop them."




Disqus for ePayment News