Banks, named new main target for financial crackers, ponder radical tactics for defense

Sharing data to mine for potential threats or informal tip sessions run counter to banking culture

By  

Organized-crime gangs are turning away from consumers and toward banks to increase their productivity and efficiency. And because, as leading 20th century bank robber Willie "The Actor" Sutton is reputed only in urban legend to have said, "that's where the money is."

(Sutton stole more than $2 million during a 40-year career. Though Snopes.com says he never told anyone he robs banks because that's where the money is, Sutton is so famous for the phrase that medical schools teach "Sutton's Law" "Consider the obvious first" as a way to remind budding doctors to consider the obvious causes of an ailment first before investigating exotic causes. An older version of the same dictum goes "when you hear hoofbeats outside the window, don't assume it's a zebra." Though he was known for clever plans and disguises, Sutton is not known ever to have used a zebra in one of his robberies.)

"We realized that just as the fraudsters collaborate with each other, we as an industry must collaborate," according to a WSJ quote from Keith Gordon, a Bank of America senior vice president of security.

Neither project is likely to deliver much benefit in the short term. Even banks discussing the NYU-Polytecnic project are resisting the idea of pooling data in favor of allowing each bank to sift its own and share homogenized results.

The continuing problem, according to other sources in the Journal, is confidence. Banks will avoid, deny and even lie about attempts at fraud, even when they're spending money to stop it and haven't been successfully hit, just to keep anyone from thinking they're vulnerable.

It is only threats such as spear phishing and the Zeus trojan, which is designed specifically to attack banks, that is driving the financial industry toward circling all the wagons rather than just their own.

The question is whether even a large-scale effort will do any good by creating an honest pool of data, or if the whole thing will be hamstrung by banks keeping their most embarrassing (and most useful) data locked up where no one can see it.

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question