Banking's big dilemma: How to stop cyberheists via customer PCs

Network World | Business, cybercrime

In online banking and payments, customers' PCs have become the Achilles' heel of the financial industry as cyber-crooks remotely take control of the computers to make unauthorized funds transfers, often to faraway places.

That's what happened to the town of Poughkeepsie in New York earlier this year, to the tune of $378,000, in four unauthorized funds transfers from the town's account at TD Bank. The theft was first discovered in January, and the town was finally able to get the full lost amount restored by March, according to public records, through sometimes tense interaction with the bank.

Though the town declines to discuss the matter, this high-dollar cyberheist, along with a slew of other incidents in the past year, has many bank officials worried. They're concerned that the customer desktop, especially in business banking where dollar amounts are high, is increasingly the weak link in the chain of trust.

Other cyberheists that have reached the public eye include Hillary Machinery of Plano, Texas, for $801,495; Patco Construction for $588,000; Unique Industrial for $1.2 million; and Ferma Corp. for $447,000. Schools and churches aren't immune, either. One FBI report from late last year said the agency gets several new victim complaints each week.

And businesses should be even more worried than consumers about whether banks will restore monies stolen by cybercrooks exploiting compromised computers using botnet-controlled malware. According to Gartner analyst Avivah Litan, while consumer accounts receive specific legal protections to restore unauthorized transfers under what's called the "Reg E" federal regulations, businesses do not.

Disputes over hijacked computers and fraudulent transfers are erupting into the public eye as businesses quarrel with their banks over who is at fault when a cyber-gang manages to make off with the money. The restoration of lost funds occurs on a case-by-case basis.

The dilemma for banks boils down to this: How far can they go to help protect customer desktops that function like part of their shared network but aren't owned by the bank?

Banks are faced with the prospect that "customers own PCs that have been in the hands of Russian crime syndicates," says Jeff Theiler, senior vice president at Hancock Bank, which primarily operates along the Gulf Coast region.


Originally published on Network World.