Online banking data protection is wound down by incompetence

[img_assist|nid=7413|title=|desc=|link=none|align=left|width=66|height=100]Financial institutions are facing security issues with online banking daily. Both individual and business customers aggravate the problem.

Average money loss on the score of financial data interception or identity frauds rose about three times for a period of the second quarter 2006 and the second quarter of 2007. For the latter quarter losses per one event accounted for $29,630.

"What's important to understand is that the vast majority of losses are occurring in online-banking applications," states Jon Gossels, president and CEO of SystemExperts Corp., a security and compliance consulting firm. "You tend to be dealing with a relatively large number of largely unskilled users - certainly not sophisticated users."

Consumers worsen the state of affairs through ignorance allowing information leakage. Often customers accidentally download Trojan horse virus which installs a keylogger on the user's PC. The keylogger intercepts bank-account information making the account accessible to a violator.

"The Achilles' heel tends to be end-user consumers, in terms of their level of sophistication and understanding and awareness of the threats," added Mark Steinhoff, who leads the financial-services security and privacy team at Deloitte Development LLC.

As regards the businesses the same situation is taking place. The perpetrators may hit customer-relations executives with email disguised as complaints from the BBB (Better Business Bureau). The phony BBB email includes an attachment designed to launch a program that would download a keylogger.

"That is your role to deal with consumer complaints, so there's no reason not to open it," said Gossels of the subterfuge. "The thing about spear phishing is that it is very subtle and business-appropriate."

To crown it, all banks add fuel to the fire refusing to conduct IT security audits that they are supposed to undertake. Smaller financial agencies are less likely to hold internal control which results in encountering the problem more often.

The banks are suggested to assist their consumers by providing them anti-virus software with a list of useful recommendations and guidelines. But the main measures should be taken when performing daily services. For example, if an account has never performed an ACH (Automated Clearing House) transfer and a large one - or several of any size - is requested electronically, additional oversight processes should be initiated.