A modest solution to large account cyber theft


Most people have a fairly stereotypical view of how bank accounts are compromised online.

It starts with a hacker who somehow dupes an employee at a small company or municipal entity into giving critical information about the organization's bank account. Armed with the information, the criminal access the account and drains the money, sending it to an array of rogue accounts, attempting to churn the funds through myriad accounts, finally depositing funds offshore--before the bank can put a stop to it. This, unfortunately, has become routine, leaving many small entities fuming, as there is nothing that requires banks to compensate them for losses.

But, as hackers get more clever, they have raised their sights, targeting much larger companies. The bad guys have evolved a sophisticated knowledge of bank treasury management systems, and the idea of draining away corporate funds is not out of the question.

Banks "have spent untold millions and countless man-hours educating their corporate clients about the importance of what they can do to minimize online fraud risks, but the fact is that they cannot force their clients to secure their own technology environments. Meanwhile, the cat-and-mouse game between banks and bad guys continues to escalate, and even though most banks are fighting the good fight, the cybercriminals seem to be staying ahead of the game," notes a commentary in ComputerWorld.

The article offers a modest solution -- why not create solutions that do not involve browsers?

"For decades, banks have offered their corporate clients direct integration for certain types of payments, like direct deposit of payroll. Doesn't it follow that, as more and more clients invest in automating business processes like accounts payable and treasury payments, banks should take advantage of the leading-edge integration technologies?"

Browser access is the focal point of so many schemes. It makes sense to take it out of the equation with some sort of direct-access software. At a minimum, it would give the bank so much more control of the security equation. Not every transaction could be automated, but the benefits would still be worth it. -Jim

Filed Under