Online Banking Fraud At $120 Million 2009 Q3

Online banking fraud involving the electronic transfer of funds has been rising since 2007 and reached more than $120 million in the third quarter of 2009, according to estimates presented Friday at the RSA Conference in San Francisco, by David Nelson, an examination specialist with the FDIC.

Computer scams which target businesses have cost US companies $25 million in the third quarter of 2009, according to the US Federal Deposit Insurance Corporation.

The FDIC uses a variety of confidential reports received from financial institutions, which allow them generate the estimates, Nelson said.

Almost all of the incidents reported to the FDIC related to malware on online banking customers' PCs. A typical victim is a person visiting a malicious Web site or downloading a Trojan horse program that enables hackers to get access to his banking passwords. Thereafter, money is transferred out of the account using the Automated Clearing House (ACH) system that banks use to process payments between institutions.

Although banks encourage clients to use several forms of authentication, hackers continues stealing money. "Online banking customers are getting too reliant on authentication and on practicing layers of controls," Nelson said. Nelsen also stated, hackers are definitely targeting higher-balance accounts and they're looking for small businesses where controls might not be very good.

That's led to some nasty legal disputes, where customers say the banks should have stopped payments, and the banks argue that the customers should have protected their own computers from infection.

That is also more bad news for businesses, which are on the hook for any losses more than ever. "Commercial deposit accounts do not receive the reimbursement protection that consumer accounts have, so a lot of small businesses and nonprofits have suffered some relatively large losses," Nelson said. "In the third quarter of 2009, small businesses suffered $25 million in losses due to online ACH and wire transfer fraud."

Avivah Litan, a Gartner analyst, feels those losses may be even higher in 2010 because computer attacks that install the password stealing botnet program, known as Zeus, have increased this year.