Online banking security: Who's minding
the vault?
By Laura
Bruce • Bankrate.com
As Americans improve their computer skills and
grow more comfortable with banking over the Internet, the hackers,
phishers and other fraudsters are honing their nefarious skills as
well.
The Federal Trade Commission received 301,835 fraud
complaints and 214,905 identity theft complaints in 2003. Bank fraud
accounted for 17 percent -- more than 36,000 -- of the identity
theft complaints. That represents just the victims who actually
filed a complaint with the agency. The FTC estimates there were
10 million identity theft victims that year.
The hacker component
In a 2003 survey of financial institutions around the world, 39
percent of respondents said their computer systems had been "compromised"
in some way the previous year.
"The financial services industry has always been
a target. People go where the money is," says Ted DeZabala
of New York's Deloitte & Touche, the company that conducted
the survey.
"What they want to get at is the mother lode,
the internal system, so they can get many customers simultaneously.
If someone gets into a major institution's system, he's looking
for information about a lot of customers. People should be concerned
that there is a risk. The network age is upon us -- information
is king and people will go after that."
The human dimension
Other areas of concern are the third parties with whom banks do
business. Those companies have your personal information -- how
secure are their computers? What about the people who work for the
banks and affiliated companies?
"Third parties and employee access are a major
challenge," DeZabala says. "Any uncontrolled access point
to a bank is vulnerable. The (banks) themselves need to put certain
levels of control in place and they need to enforce their policies
on third parties. There is a lot of effort being put toward shoring
up those controls.
"When an employee is terminated, they have to
be eliminated from the system and passwords have to be updated."
Concerns about online safety are a key reason why
many consumers still shy away from online banking, according to
Larry Freed, CEO at ForeSee Results in Ann Arbor, Mich.
"For the most part, it's fear of the unknown.
When my dad got an ATM card, he threw it out. He didn't think it
seemed secure. Why do so many people just take money out of ATMs
and don't make deposits? It's because they don't know where their
money goes when they slide it into that black hole. The banks need
to educate people on the security risk."
Phishing for information
It would be hard to fault consumers who are hesitant about banking
or making other financial transactions online. Hardly a week goes
by without a news report on a computer virus, worm or phishing attack
that makes the Internet seem like a risky place to move your money.
Phishing is when account holders receive an e-mail
that purports to come from the customer's bank, brokerage firm,
credit card company, etc. Customers are told to click on a link
within the e-mail and update their personal information. Often,
the phisher is looking for the Social Security number or the credit
card number with expiration date and PIN. Unsuspecting consumers
click on the link and are taken to a phony
Web site that often looks legitimate. They enter their personal
information and soon find their identity has been used fraudulently,
their bank account emptied or big bills have been racked up on their
credit card.
|
