Theft using IT is a rapidly growing area of crime, with ever-greater sophistication being used to plunder the bank accounts of the vulnerable and to obtain credit and/or goods. The results can be substantial financial loss (in the short term in any event) and a compromised credit history.
In a recent case, a small business had its bank account cleaned out over the Christmas period after falling foul of a ‘key reading’ scam when using a laptop to access the account from an hotel. These scams occur when a public place or hotel room has a ‘key reader’ secreted nearby (or key strokes are read from a laptop situated nearby if a wireless system is used). The key reader records the key strokes and stores them, often yielding credit card numbers as well as the information needed to access online bank accounts.
Here is a short guide to reducing the chances of theft from your online bank accounts:
- Make sure you use a secure online bank. The quality of security of Internet banking varies widely. In general, the more interactive (where you respond to prompts, as opposed to just entering information) the access to your account is, the better. Some new accounts offer a card-reader based access which is thought to be highly secure, although a recent report suggests that customers find the use of such devices cumbersome. The key here is to ask yourself how much information a fraudster would need to access your account and how much of that you are inputting. It wouldn’t take too much thought to work out that a surname keyed in by you is probably the correct response to the question ‘what is your mother’s maiden name?’
- Make sure anyone with access to your IT or IT security information, or to files where such information is kept, is thoroughly vetted. This might well include cleaners, for example.
- Do not access your account when away if at all possible. If you do need to do so, use a wired, as opposed to a wireless, connection. Never use an Internet café or similar establishment to access your bank account.
- Make sure you have a good firewall as well as anti-spyware and anti-virus software and make sure you update it and run system scans frequently (daily if possible). Run a scan of your computer system immediately before accessing your bank account.
- If you do access your account whilst away, make sure you can prove your whereabouts. That way, if you do suffer a loss, you will be able to prove you could not have made the withdrawals.
- Never use a debit card for an online purchase unless you are 100 per cent sure the site you are visiting is safe.
- Think about risk and assess it. If in doubt, wait until you are sure you can transact your business safely.
- The long stop is your bank’s policy towards such losses. If you are defrauded, the bank must reimburse you. However, banks do differ greatly in their attitude and whilst some reimburse promptly and with minimal fuss, some do make the process difficult and require persuasion that the alleged fraud is genuine. Report any suspicious transaction promptly to your bank.
Theft from Internet bank accounts is not usually carried out by amateur hackers, but by organised criminals. The best protection is a good defence.