Comments on: Texas Bank Sues Customer Hit by $800,000 Cyber Heist

By: nat

nat — Thu, 08 Jul 2010 04:51:30 +0000

1st line of defense: Don’t bank online. But if you HAVE TO bank online, then…..

2nd line of defense: Use a dedicated machine with a Linux O.S. (see also http://www.distrowatch.com &/or http://www.linux.org/dist/list.html for comprehensive listings). Can’t use a dedicated machine? Then…..

3rd line of defense: Boot the machine off of a Linux disk and save your data to a USB flash drive. And DO NOT store your login IDs and passwords electronically; but DO store them in a physically secure place (e.g., a safe).

Like or Dislike: 0 0

By: JCitizen

JCitizen — Thu, 01 Jul 2010 19:17:04 +0000

Excellent link Benjamin! Seems like a settlement is already in place.

Our congressmen need to look at this, and not only change the liability laws, but help the banks with their security concerns. After all we are supposedly in a “cyber-war” with enemies already. It only makes sense for the government to help the little banks out on the infrastructure and costs on this new security,. if they mandate the requirements.

Consumer’s Union has more or less joined the fray, with political action to improve credit card practices and fraud protection. CU is a BIG lobby, I didn’t hesitate to join, and we now stand together to put pressure on congress and the banking industry as a whole!

Like or Dislike: 1 0

By: JCitizen

JCitizen — Thu, 01 Jul 2010 18:56:02 +0000

@Dave:

You list is part of the picture – I might add that few seem to be aware that Microsoft has a free utility called “steady state” that locks the hard drive to ANY changes in files. Ordinary files would have to be stored on another drive or partition. I’m not sure which versions of Windows that it is available. If not available for your version, maybe a look at Faronics would be in order.

You would still want AV and AS solutions in place, in case the present session were somehow compromised. This would entail unlocking the drive at least two times a day, to update the operating system and/or AV/AS utilities. You would not want to do any unnecessary surfing during these updates; and immediately relock the drive afterward.

Some say a Puppy Linux Live CD would be better; your mileage may vary.

Like or Dislike: 1 0

By: JCitizen

JCitizen — Thu, 01 Jul 2010 18:42:21 +0000

That’s funny! I had always read SMS is one of the easiest forms of communication to intercept and manipulate. Maybe you country has a different SMS form of service than the rest of the world?

http://www.zdnet.com.au/sms-two-factor-authentication-dead-in-3-years-nab-339284387.htm

Like or Dislike: 0 0

By: JCitizen

JCitizen — Thu, 01 Jul 2010 18:02:32 +0000

Although I agree with what you are pointing out here; it does seem ridiculous to pay lawyers $200,000 to initiate and follow through to a lawsuit, when simply paying the victim the same money would have been settled out of court instantly!

I realize the bank probably doesn’t want precedent set here also, but it is still ridiculous.

Like or Dislike: 1 0

By: Les

Les — Mon, 07 Jun 2010 18:54:34 +0000

Most bank staff cannot comprehend network security. Attempts at enlightening them often proves unfruitful. It often takes auditors to compel banks into action. I still know of banks that won’t use Multi-factor authentication. I know that’s not comprehensive but it’s better than nothing at all. (Why position yourself to be low hanging fruit?)

The problem with Debit cards is that once you provide a PIN to a merchant, you are entrusting the key to unlock your bank account with the merchant’s security. And most merchants are clueless when it comes to anything close to Payment Card Industry security. As an example: in 2007 in Southern California, it was speculated that Office Depot Databases were compromised. Hackers harvested Debit card numbers and corresponding PINs. Wamu, BofA, and Wells Fargo reissued 250,000 debit cards in response. The actual breach was never positively identified.

Everytime you use a Debit card and provide your PIN for a retail transaction, you’ve just entrusted it to the merchant’s network security.

I would suspect that using Debit cards with various retailers also increases your chances of encountering Card Skimmer too. Yet banks issue Debit cards to customers by default. Bank staff doesn’t even know how to issue a simple ATM Card anymore.

Since electronic deposit is quickly becoming the industry standard practice, the business model needs to change because the bad guys are adopting more quickly than the financial institutions and merchants. The “It’s too complex” or “It’s too expensive” is no longer an acceptable excuse.

Like or Dislike: 1 0

By: anonymoose

anonymoose — Mon, 07 Jun 2010 15:45:20 +0000

I had a debit card with a major bank that had my picture on it. It fell out of my pocket, and someone picked it up and immediately charged almost $1000 at a convenience store, where the clerk didn’t bother to compare the picture on the card (or the signature) to the person using the card.

The bank said “tough luck” and would not even investigate the fraud.

Now, at least, to use the card I have to enter in my zip code (and since I have an unusual zip code, this offers me a modicum of security).

As a result, I now insist on choosing a bank that requires PIN numbers for credit cards, just as debit cards work.

Debit cards do not have the legal loss protections of credit cards (although if Obama’s banking reforms pass this may change), and credit cards traditionally don’t have PIN security. So it was hard to find to find a secure credit card.

The only company that supports the consumer is American Express, but since they have high bank fees, many retailers won’t accept them. The hunt for an honest, secure, universally-accepted bank is unending.

Like or Dislike: 1 0

By: Karen

Karen — Wed, 02 Jun 2010 04:59:40 +0000

That’s just great but more consumers use windows than macs because they don’t know otherwise; it’s the way it is. If they did, they wouldnt use windows, obviously. Unless they want to be robbed. Hmm….

Like or Dislike: 1 2

By: Karen

Karen — Wed, 02 Jun 2010 04:55:21 +0000

WAKE UP! i am a victim of this exact crime and have learned there is NO protection or software I can purchase to protect my company’s online bank accts from this particular virus – but the banks CAN set up multi levels of authentification and chose not to because commercial accounts. unlike personal, take the hit so no worry on the bank’s end.. starting with a simple block when money is transferred from the US from an account that has never transferred money period, let alone to a well known terrorist group recoginized by Homeland Security! Do your homework and get back to me.

Like or Dislike: 0 3

By: Karen

Karen — Wed, 02 Jun 2010 04:45:55 +0000

You got it!

Like or Dislike: 0 2