If he keeps the browser from timing out, he could even lurk in your online banking to allow you time to log out, and then he could send his nefarious transactions.

There is absolutely no substitute for properly protecting the end user.

Unfortunately, most banks do not do enough to help the end users protect themselves. Educate, educate, educate.

Like or Dislike: 0  0

I do not recommend booting from a USB or other writeable media, even if not doing so requires answering your security questions every time. If you can write to it, so can fraudsters.

If you are a small business owner, do not mess around with this simply because you don’t want to spend an extra 5 minutes to do this business. That 5 minutes can save you your business.

Like or Dislike: 0  0

We’re all expecting this to be Zeus and to behave like the Zeus infections we’ve seen stealing information from noncommercial users. But for a target potentially yielding as much money as this, it’s entirely possible they’ve crafted a trojan that uninstalls itself after the deed is done. They don’t anticipate there being any chance they can continue to collect data from that computer once there’s been such a high-profile theft, so why make it easy for law enforcement and the AV software companies to find and analyze their malware?

Well-loved. Like or Dislike: 9  0

Unfortunately, the live CD’s are only really helpful when the only people using them are ones who already are pretty good at protecting themselves. Once naive users start looking for sites to get a download to create a boot disc, they’ll be getting duped by the same kind of people distributing rogue AV programs. And if they start popping any CD that shows up in the mail into their computers as if they were AOL installs, I’m sure we’ll see them being used as vectors for malware, too.

Well-loved. Like or Dislike: 5  0

I have to agree that I really only hear about smaller banks being the victim of these types of losses. I think you are right it would be extremely interesting to see who is really the victim of these types of fraud, large vs small banks. However I don’t know that simply because we only hear about the small banks that means that the big banks have this all under control. We usually hear about these incidents regarding lawsuits or upset customers, big banks have a lot more resources to keep people quiet and even just compensate customer losses to maintain PR and face. I’m not saying that is the case, but on the other hand without hard research I’m not drawing any conclusions.

If there are major/minor banks using transaction monitoring, I would love to hear about it and even discuss to learn lessons from them. I think there is huge value to all banks in having a successful model to follow to help prevent this fraud. Right now I think risk based transaction monitoring is still a developing technology, when a mature solution is needed right this instant.

PS – If your using transaction monitoring as a financial institution, I would love to have someone change my mind about the state of things.

Well-loved. Like or Dislike: 4  0

Who says that banks aren’t monitoring transactions already? Larger banks have transaction risk monitoring going on in the background. I would note that almost all of these fraud examples you find are with firms banking with smaller banks that cannot invest in that level of secuirty like larger banks can. I think you should start tracking stats of the size of the bank (assessts for simplicity) who’s client you’ve heard of being defrauded. I think you’ll find incidents skewed towards smaller banks because they don’t have transaction monitoring in place.

Well-loved. Like or Dislike: 7  2