Simply Security - News, Views, and Opinions from Trend Micro

Posted on August 7th, 2012 in Web Threats by Simply Security | Be the first to comment | Tags: web threats

Some financial institutions are now being held liable for theft of funds under their care, as attempts to increase security measures for wire requests don't seem to be improving.

The FBI has been aware of wire transfer fraud schemes for years now, warning banks and consumers going back to 2009 that millions were being stolen every year from personal accounts due to shoddy data security standards, according to PC World. Some financial institutions are now being held liable for theft of funds under their care, as attempts to increase security measures for wire requests don't seem to be improving.

Known as automated clearinghouse (ACH) attacks, these sweeping attacks on private money utilize online banking and its subsequent lack of protections to disperse funds quickly and anonymously, even blocking banks from tracing the funds in some cases by using better security measures than the institutions themselves. Seeing this as a lack of genuine effort, and noting several recent high-value cases of ACH fraud, some businesses are being taken to the bank themselves to repair damages on private entities due to lack of data protection.

Call to action

Wire transfers aren't as popular a form of fiduciary transmittance as they once were, as the Star Tribune pointed out in a recent article that they had been tied more closely with embezzlement and terrorist activities in the past couple decades. Their lack of popularity took them out of some banking establishments completely, though major banks retained the option as some high-dollar and international businesses require the service for legitimate purposes.

At the same time, the lack of security being enacted over these kinds of transmissions could further erode their acceptance. Apart from reports that wire transfer emails are being linked more with spam and malware attacks in recent months, according to Net Security, they are also resulting in fines for the banks themselves when failure to protect data becomes an issue.

Hersi Suleiman of Amal USA, a Somali wire transfer service in Minnesota, told the Star Tribune that larger firms are still pushing for relaxed legislation on review of parties involved in wire transfer transactions. Banks currently are not doing a thorough enough job to scrutinize those involved alread to determine whether fraud or terrorism of some kind is entangled in the request, Suleiman said in a statement before Congress.

Rap on the knuckles

A very basic first step in checking these transactions and protecting data would be to increase online banking protections. Seeing as banks are now being forced to pay out when customers are defrauded of their funds, financial institutions should start reassessing internet and mobile banking security measures to make sure hackers aren't slipping in and making off with millions of dollars.

People's United Bank of Maine and Professional Business Bank of California are each facing at least $300,000 in damages payments to private companies after shoddy security resulted in even larger sums being defrauded from their clients, according to Computerworld. The attacked accounts were associated with construction and realty businesses that had set aside funds in similarly earmarked accounts for long-term holding, meaning the affected entities had made it clear there shouldn't be movement of funds for some time. Had the banks used more scrutiny and better security procedures as Suleiman suggested, the incidents may never have occurred in the first place.

Not only have these banks suffered a major hit to their pocketbooks, but they'll also have to struggle to regain the confidence of their other customers, let alone attract new clientele. Using proper online data security measures could have circumvented the entire problem, a lesson other institutions would do well to study.