Online banking attacks rise

WASHINGTON – An internal Suspicious Activity Reports (SARs) report from the Federal Deposit Insurance Corporation, leaked to The Washington Post, shows that US financial institutions reported a notable increase in online bank account fraud in 2007.

Quarterly SARs for second-quarter 2007 show that the average loss from computer intrusion-related SARs was around $30,000, up from $10,000 a year ago. Although the number of online fraud-related SARs was low at 536 when compared with the 17, 558 notices of cheque fraud, the double-digit rise suggests online criminals are employing more sophisticated technology to tap into online bank accounts.

The report indicates that in most cases, banks are at a loss to say exactly how cyber crooks are stealing the funds. The report indicates that the 80% of the computer intrusions were classified as "unknown unauthorized access – online banking," and that "unknown unauthorised access to online banking has risen from 10% to 63% in the past year." The report indicates that a large share of the unknown losses were probably the result of data-stealing programs, such as Trojan horses and key-logging software, installed surreptitiously on customer PCs.

Many of the SARs showed that criminals targeted online bill payment applications but the most significant losses came from unauthorised access to wire transfers and automated clearing house payments, which gave the banks less time to detect and recover the funds.

Despite these results, Fortify Software, the application vulnerability specialist, says e-banking services are still safe.

"Banking online is still safe for most users, provided they keep their IT security software bang up-to-date and, ideally, have multiple security applications loaded at all times. It's just that identify theft techniques have improved a lot recently," said Rob Rachwald, Fortify Software's director of product marketing.