It seems like we say it at least every other week: “The only fraud we’ve seen for online banking has been compromises at commercial customer sites.” This is evidenced by two breaches of high-profile banks out of Dallas over the past month.
Plains Capital Bank had a breach at one of its customers’ sites, resulting in over $800,000 being transferred out of the bank, and it turned around and sued its customer. PCB may get all its money back, but who wants to pay those court fees, lose a customer and fight that PR battle? In the other breach, the customer is suing Comerica and claiming that Comerica exposed them to phishing schemes. I’m anxious to see what happens in these cases and whether banks and customers will make a habit of suing each other over online banking breaches.
I mention these cases because they are the only ways that we have seen online banking accounts compromised over the past year or so, and it is becoming more prominent. Several of our clients have been breached by having their cash management customers’ credentials breached by a keylogger, trojan, or rogue employee. I’d like to say that they can all be solved with a solid multi-factor authentication implementation, but the Bugat Trojan has found a way to circumvent Random Number Generating tokens.
There are still great risk-mitigating ways to prevent your customers’ sites from being compromised, including…
I believe this all goes to show banks that picking who you choose to do business with and properly training the appropriate customer staff and cash management administrators can save bankers a lot of heartache, and save them from having to sue their customer.