Slashdot Mirror
Banks, Wall St. Feel Pinch from Computer Intrusion
An anonymous reader writes "Financial institutions and companies in the securities/futures business are reporting sizable increases in the amount of losses and suspicious activity attributed to computer intrusions and identity theft, says the Washington Post's Security Fix blog. The Post obtained a confidential report compiled by the FDIC which analyzed Suspicious Activity Reports from the 2nd Quarter of 2007. SARs are filed when banks experience fraud or fishy transactions that exceed $5,000. The bank insurance agency found that losses from computer intrusions averaged $29,630 each — almost triple the estimated loss per SAR during the same time period in 2006 ($10,536). According to the Post, 'The report indicates that the 80 percent of the computer intrusions were classified as "unknown unauthorized access — online banking," and that "unknown unauthorized access to online banking has risen from 10 to 63 percent in the past year."' Another set of figures analyzed by The Post looks at similar increases affecting the securities and futures industry."
It's not just bean counters. Many businesses went into the computer services side of their business with either no knowledge of the risk, went into it before the risks were known, or simply made bad decisions. Now, they have to have the computer side of their business to compete and they are finding out what dangers lie inside pandora's box, even as they try to put the lid back on.
Intrusion detection systems are how old? Who really is the enemy as far as the computer system can tell? If you don't know, or are not sure of the answer, you have something in common with the people that have to make decisions with the security of your financial information. I'm not saying that it's a total lost cause, but think about it, have you heard of CSO CIO or CISO? These are the guys that are supposed to make such decisions. Does your bank have any of those positions? Oh wait, is it really the bank that is fully to blame? Did your login get compromised by some software on the 'build-a-better-model-airplane' website?
Better yet, did the bank's EDI software get compromised because one of their partners has an IT guy that watches porn at work during the grueling month-end process?
The truth is that a secure system cannot trust anyone or anything. Getting to your money in a secure system will not be easy, and will be a deterrent to using computerized banking. That is just how it is. Ever since there were banks, people have been trying to rob them. Security issues should not be news. What is news is that the banks and financial institutions are reporting that they are having trouble with security in a time when just about the entire industry has been hurt by the sub-prime issue? I smell a kind of rat here.
Support NYCountryLawyer RIAA vs People
And that kind of technology would invariably lead to "Works only on Windows".
I'd rather have a separate "channel" of information to verify against. If one would use internet banking, then a txt msg containing pertinent info would be sent, with a reply "$dollar amount and yes" as confirmation.
Phones can be deactivated rather fast when it comes to stolen" and such things. It would provide extra security and very little hassle.
I call BS. There's a lot they could do to increase security for banking. How about actual 2-factor authentication. Something you know, and, something you know is not 2 factor authentication. Try something you know (your password), and something you have (those little RSA tokens). If they implemented those RSA tokens that spit out a new number every 60 seconds, they could stop almost all the phishing scams. Yet they refuse to do anything to actually even offer the more secure option. I'd pay for the RSA token out of my own pocket if it meant my money would be more secure.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
I am TheRaven on Soylent News