Online banking fraud hovered $120 million by third quarter of 2009, FDIC reports

According to US Federal Deposit Insurance Corporation data, small businesses computer scam made up $25 million in the third quarter of 2009.

Online banking fraud involving the electronic transfer of funds has been increasing since 2007 and reached the volume of over $120 million in the third quarter of 2009, according to estimates presented Friday at the RSA Conference in San Francisco, by David Nelson, an examination specialist with the FDIC.

Almost all of the incidents reported to the FDIC related to malware on online banking customers' PCs. A typical victim is a person visiting a malicious Web site or downloading a Trojan horse program that enables hackers to get access to his banking passwords. Thereafter, money is transferred out of the account using the Automated Clearing House (ACH) system that banks use to process payments between institutions.

Despite banks encourages clients to utilize several forms of authentication, hackers continues stealing money. Moreover, as Nielsen stated, hackers are definitely targeting higher-balance accounts and they're looking for small businesses where controls might not be very good.

That's led to some nasty legal disputes, where customers say the banks should have stopped payments, and the banks argue that the customers should have protected their own computers from infection.

Avivah Litan, an analyst with Gartner, consider those losses may be even higher this year as attacks that install a password-stealing botnet program, known as Zeus, have increased so far in 2010.