March 08, 2010, 1:09 PM — The rise in popularity and the pervasive nature of online banking over the last decade have been meteoric. The power of convenience has largely trumped customer fears about security, but there are signs that the tide may be turning. Perhaps exacerbated by the global recession and shocks to the financial markets, cybercriminals have been targeting business bank accounts at increasing frequencies over the last year, catapulting the conversation about online banking security into corporate realms. With cybercriminals readjusting their focus from individual to much more lucrative business accounts, this disturbing trend is now getting the attention of authorities such as the FBI, FDIC, and Department of Homeland Security, and has been described by many as a leading cybercriminal trend for 2010.
Particularly because employers are increasingly liable for these incidents, with Regulation E of the Federal Electronic Funds Transfer Act not protecting business accounts as it does for individuals, businesses must reexamine their online business banking practices to proactively protect themselves from such attacks and the associated potential monetary losses. Banks, too, must amplify their security practices to combat the tactics cybercriminals are now using to perpetrate this type of fraud.
Business Banking Attacks on the Rise
Consider that in a single month this past August, no less than the FDIC, NACHA (the Electronic Payments Association), the Financial Services Information Sharing and Analysis Center (FS-ISAC) and IT advisory firm Gartner Inc. all published alerts about rising Internet threats to business banking.
The following month, the Senate Committee on Homeland Security and Governmental Affairs held a special hearing to discuss cybercriminals targeting small- and medium- sized businesses. New protective cybersecurity legislation has been introduced, co-sponsored by Committee Chairman Joe Lieberman (ID-Connecticut) and Ranking Member Susan Collins (R-Maine). Reports of victimized businesses continue to inundate the media into 2010, with several companies even suing their banks.
The losses are substantial. The Washington Post reported that recent victims include a school district near Pittsburgh that lost $700,000 and an electronics testing firm in Baton Rouge that lost $100,000. One of Guardian Analytics' customers recently intercepted an attempted ACH transfer of $800,000 for a business banking customer in a scheme involving more than 80 smaller transactions arranged to be sent to unwitting mules. For many small- to medium-sized businesses, these types of losses are catastrophic and can potentially mark the beginning of the end if banks refuse to reimburse them.
Cyberfraud Schemes Becoming Highly Sophisticated