In online banking and payments, customers’ PCs have become the Achilles’ heel of the financial industry as cybercrooks remotely take control of the computers to make unauthorized funds transfers, often to faraway places. That is what happened in Pooghkeepsie in New York earlier this year when $ 378,000. was carried out in four unauthorized funds transfers from the town’s account at TD Bank.
Bank officials are worried that the customer desktop, especially in business banking where dollar amounts are high, is increasingly the weaklink in the chain of trust.
According to Gartner’s Litan, she faults security software providers, including McAfee, Symantec and Trend Micro, for doing so little. Her advice to banks is they can NOT count on it, it’s too ubiquitous, and the banks need to make clear it is NOT total protection. Their higher priorities should be on things they can control, such as fraud detection and out-of-band protections.
Brian Krebs, an investigative journalist says his mantra on this continues to be that nay commercial banking technology that does NOT begin with the premise that the customer’s machine may be and probably is already compromised with Malicious software, does NOT stand a chance of defeating today’s cybercrooks.
According to an FBI report from last November about cyberheists and the role of the money mule, cybercrooks’ fraudulent ACH transfers are often directed to the bank accounts of willing or unwitting individuals within the United States. These people are often recruited through “work from home” advertisements or contacted by recruiters after placing resumes on popular employment sites.
Joe Stewart, Director of Malware Analysis at SecureWorks, stated that since the known banking Trojan malware is Windows-based–there are NO Mac banking Trojans yet, he views the situation today as largely one centering on Windows-based machines, and he would NOT recommend banking online with Windows. source: Ellen Messmer, NetworkWorld