Could Online Hackers Steal Your Cash
Could Online Hackers Steal Your Cash
Saturday, May 15, 2010
Bankrate.com. Copyrighted, All rights reserved.
When you access your bank account online you probably don't think that at that exact moment there may be a hacker, somewhere in the world, trying to steal your bank information and your money.
Your bank offers secure online banking, so why should you worry, right?
Despite banks' efforts to protect accounts from the online crooks, hacker attacks remain a serious threat that cost Americans millions of dollars each year. The Internet Crime Complaint Center reported that Americans lost about $559 million to Internet thieves in 2009. That is more than twice the 2008 figure, when $268 million was stolen on the Internet, according to the center.
"Last year there were more online bank robberies than there were actual on-site bank robberies," says Sean Sullivan, a security adviser at F-Secure, an Internet security firm. "Banks have become very proactive in protecting accounts from hackers, but it's still quite a large problem. We see all types of new attempts every day."
Banking Trojans -- malicious code specifically designed for banking fraud -- are one of the biggest threats to consumers who bank online, Sullivan says. They are invisible and can steal multiple types of data, including passwords. Some more advanced types of Trojans can make fraudulent transfers and drain your account while you are logged on to the account online, he says.
Is Your Bank Safe?
The more questions and passwords you are asked to enter in order to log in to your account, the safer is your bank's website.
If your bank only asks you to enter a username and password to log in its website is not as secure as it should be, Sullivan says.
Some banks require customers to create a username, a site key name and use personalized pictures or symbols that appear during the login process. In addition, banks should ask customers to answer a security question before gaining access to their account.
"The more layers you have before you get to your account, the safer you are," Sullivan says.
In the event you become a victim of online theft, act quickly and know your rights. The general rule for consumer checking and savings accounts is the bank is liable for most of the damage, as long as you report the illicit transfer in a timely manner. But if you have a line of credit account or a business account, you need to be extra careful, because the bank will not always be obligated to pay for your loss.
"It is based on whether the customer's conduct with respect to security was reasonable," he says. In that case the court will ultimately determine who was more at fault for the breach -- the bank or the consumer.
Business accounts are the most vulnerable to hacker attacks and the least protected by the law. Hackers are much more inclined to break into a six-figure business account than a consumer account with a few thousand dollars, Sullivan says.
"There are hundreds of cases of thefts of money from small business deposit accounts each year," Johnson says.
Business accounts are regulated by the Uniform Commercial Code, or UCC, which requires banks to maintain "commercial reasonable authentication security procedures," in any kind of wire transfer, he says.
"If the bank can show the breach was caused by something the customer did the bank is not liable," Johnson says.
California attorney Nada Alnajafi says most small businesses don't understand the risk they are taking when they use wire-transfer accounts.
"I don't think a lot of them understand they are taking almost full risk for any potential issues," she says.
She is representing a small Los Angeles business owner who lost $50,000 after a hacker committed a fraudulent transfer from his Bank of America account to a Croatian Bank. She filed a lawsuit on behalf of her client against Bank of America in February because the bank refused to take responsibility for the theft, she says.
Bank of America claims it is not liable for the illicit transfer. The lawsuit is pending.
How to Help Protect Your Account
• Don't access your account from a shared computer.
• Be certain your computer has anti-virus, firewall and anti-spyware programs, including security software with automatic updates.
• If you are using wireless service, check the settings on your computer to make sure the connection is encrypted. Don't connect to your account using a public network, like the ones you find at a coffee shop or at the airport.
• Review your statements regularly and carefully, and report any suspicious activity to your bank immediately.
• Use a strong password with letters and numbers combined. Don't use the same password for multiple accounts.
• Log out after every session.