By John Jaser
What worries you more? News that hackers have infiltrated the nation’s electrical grid, or that they downloaded the Air Force’s plans for a new fighter plane? How about hackers who trick bank employees into divulging customer information over the phone?
The bank telephone fraud works like this: criminals hack into the customer’s contact information, then attempt a suspicious transaction against the customer’s account. When the bank calls the customer to inquire about the transaction, the bank connects to the criminal instead.
Most bankers will say that’s impossible, but criminals are capable of many things where money is involved.
Cybercriminals have been known to activate the customer’s automatic call-forwarding feature so that every call to the victim goes straight to the criminal. There are even reports of criminals who specialize in mimicking legitimate customers over the phone, changing the victim’s credentials and siphoning the victim’s money.
Today’s criminals also run their own automated call centers to impersonate banks and credit unions via telephone, e-mail and text messages. Their goal? To instruct consumers to call the phony call center and divulge their account numbers and passwords.
The takeaway in all this? The Internet is only one playground for today’s cybercriminal, and as our communications methods proliferate, so will the risks.
To date, bankers have done a good job securing their Internet banking sites and alerting their customers to the dangers of phishing and viruses. Retailers are coming up to speed and consumers are slowly learning that patching the software running on their PCs will help protect them from passing on virus infections and other cyber tricks.
But as banks, retailers and consumers harden the Internet banking channel, criminals are moving to other, greener venues. By green, I mean newer and less-protected channels. Consumers can be fooled more easily because they are less familiar with new forms of cyber crime. Banks aren’t quite as ready to respond to attacks. And the criminals reap their unjust rewards.
What can bankers do?
Very simply, incorporate security into each new electronic channel. Decide how your institution will respond to cyber assaults via cell phones, PDAs, social networks and all the rest of the burgeoning world of electronic communications.
Sound like a daunting task? Then do one at a time and don’t accept a channel for customer communications or transactions that hasn’t been secured and for which the customer is unprepared.
Does it seem far-fetched? Not by a long shot. Research firms are predicting huge increases in the number of communications vehicles in the next few years. Some e-mail signature blocks are bursting with addresses far beyond street, city, phone, e-mail and fax. We are beginning to see blog, YouTube, LinkedIn and Twitter addresses crossing the demographic lines. If your customers aren’t there today, consider yourself lucky – you’ve got a little more time to prepare.
The bottom line is that criminals often target the novice practitioner of something new. If your bank plans to open a new channel of communications or transactions with its customers, have the security worked out ahead of the launch, including countermeasures should the criminals mount an attack.
Most of all, expect the unexpected. Internet-based crime has leaped into realms unthinkable at the start of e-banking. There should be no question that our new banking channels will be attacked just as aggressively.
Let’s use our experience with Internet-based crime to prepare our new banking channels. Our customers expect nothing less, and we can deliver so much more.
John Jaser manages Internet Services and Security at Avon, Conn.-based COCC, Inc. (www.cocc.com), a 42-year-old firm specializing in outsourced information technology and support.