Cybercriminals have had great success over the past year hitting banks where their security is the weakest–on their customers’ PCs. In 2009, online fraud losses doubled, according to FBI data.
Now banks are starting to hit back, focusing not only on the security of their own systems, but of their customers’ systems. Last week, security firm Trusteer announced it would provide a service to banks that lets them remotely analyze computers belonging to customers who have been hacked. Using the service, called Flashlight, banking customers that believe they have been targeted could download a program to their PC that would quickly search the system for digital tracks left by online thieves and their malicious software.
“By analyzing the malware, the banks can find out how the groups are getting by their security measures,” says Mickey Boodaei, CEO of Trusteer. “We noticed that most banks have no real understanding of their fraud losses. They have no idea where they are originating from, whether it was Zeus [a common Trojan horse program] or some other malicious software, and what criminal groups are attacking them.”
Banks have had mixed success cracking down on cybercriminals. While cyber fraud has declined in the past three years, fraudulent online transactions have climbed, according to a presentation by the Federal Deposit Insurance Corporation (FDIC), the agency responsible for securing Americans’ savings. In the third quarter of 2009, losses due to online fraud topped $120 million, with small-business losses accounting for $25 million, according to the FDIC.
Most of the fraud was due “to malware on the online banking customer’s PC that was related to phishing, downloading Trojan horse programs, or visiting a website that infected the PC with a drive-by type of malware attack,” FDIC examiner David Nelson said during the presentation.
While U.S. regulations have required that banks use more than just a username and password to secure bank transactions, online thieves have adapted quickly to the new security. Instead of logging into a user’s account from a different country, many cybercriminals are now surreptitiously using the victim’s browser to initiate fraudulent transactions. “As soon as the financial institutions began implementing strong authentication, the bad guys began to find ways to defeat strong authentication,” Nelson said. “Almost all of the (latest) losses were the result of the computer intrusions on the networks or the PCs of banking customers.”