|
Over the past several weeks a number of disturbing reports have surfaced concerning an increase in electronic bank fraud against businesses. One warning from a high profile industry group went so far as to urge businesses to set up a stand alone computer for business banking – one that could not be used to surf the Web or send and receive email.
Research firm Gartner issued a report in August warning that attacks against business bank accounts can do more harm than the more well-publicized credit card breaches. When cards are stolen, regulations typically require customers to be reimbursed for unauthorized charges. When cybercriminals access a business bank account and transfer money out, it is very likely businesses will be unable to recover the bulk of their funds.
“In the last several weeks, business banking fraud has become a dominant discussion point in the financial and security industries,” says Avivah Litan, a senior Gartner analyst. “With cybercriminals circumventing strong authentication and using sophisticated reconnaissance on accounts during the attacks, increased fraud awareness has never been more important.”
Awareness about such attacks was heightened by a Washington Post report in August that the Financial Services Information Sharing and Analysis Center (FS ISAC) issued a confidential alert to its members warning of increased dangers associated with online banking. The industry group warned business bank customers to “carry out all online banking activity from a stand-alone, hardened and locked-down computer from which email and Web browsing is not possible.”
FS ISAC is an industry group created by presidential order to share data about critical threats to the financial sector. Its members include the New York Stock Exchange, Citigroup, Morgan Stanley and Goldman Sachs.
In an article on CIOZone, Cara Garretson tells the story of what happened to a Maine construction company, Patco Construction, after cybercriminals managed to transfer $580,000 out of the company’s bank account.
Okay, it’s dangerous out there. But businesses aren’t about to stop doing electronic banking. That ship sailed long ago. So what are some practical steps that can be taken to prevent online fraud?
Terry Austin, chief executive of Guardian Analytics, a Los Altos, Calif. firm specializing in security and fraud prevention, says it begins with asking questions of your bank about how they’re protecting your money and what they will do if your account is breached. He offers these five tips:
• Be aware of your financial rights. If your business becomes the victim of online banking fraud, you have fewer rights than you do as an individual. Regulation E of the Federal Electronic Funds Transfer Act requires banks to reimburse consumer fraud victims within 10 days of a fraud report, but does not protect businesses the same way. Ask your bank what their policies are and whether your funds are protected.
• Ask your bank to increase its investment in protection technologies. Despite increased regulations, many financial institutions have lagged in implementing technologies beyond basic authentication methods.
• Update your anti-malware software and firewalls, particularly on any computer used for online banking.
• Monitor for irregularities and missing funds. It is imperative for any business to be on the lookout for abnormal activities. Ask your bank if it offers a transaction alert service to notify you of important or unusual account activity.
• Educate your financial managers on the threats. Forward the latest advisories to anyone who manages your business banking, including the CEO, CFO or appropriate accounting manager.
Only registered users can write comments.
Please login or register. |
