Internet Banking Warning

[Spotty]

Heres a story that will make your hair curl and rethink just how secure is internet banking?

Had a few grand taken out of my account fraudulently....the bank replaced the stolen money which is a relief but its been a stressful few weeks.

I had the latest antivirus software and XP service pack 2 installed on my work PC. The antivirus downloads updates each day and regularly auto scans my PC. Somehow an infosneak virus got into my PC....it monitors and forwards your keystrokes to a remote user....blah blah.

Apart from the fraud and the security thing what really concerns me is the process the bank take you through.

Why do I have to get a police report - when it is the banks system that has been breached - if a branch is robbed in a stick up - the bank loses out calls the cops etc ......gets the report ...not me.

Why do I have to assign via a stat dec the conducting of my investigation away from the police ....to the bank. This doesnt seem very independant - besides my fraud could have just as easily been committed within the bank.

When you sign up for internet banking the bank specifies the minimum computer security requirements you must have - where does this leave your employer or an IT contractor in terms of potential liability if the workplace internet secuirty systems fail and a fraud occurrs with an employees bank account where the employer allows staff to conduct internet banking. If the staff member is the victum of a fraud and the bank fails to cough up then the employee may have case to sue the employer or the IT contractor.

After talking to a few colleagues who work in banks there is a great deal of internet banking fraud happening out there....the banks are keeping it quiet - you can understand why.....if people lose confidence in the security of internet banking the cost to the banks to reinstate their branch structure would be horrific.

For me.....no more internet banking.......its conveiniant but the risks and the other potential complications are to great. In case you wondering 'which bank'....it wasnt 'that bank' but the whole expereince left me feeling rather 'blue'.

[EA2BA]

The workplace has no obligation to provide internet access in the first place, so therefore it would be a use at own risk scenario. I fail to see how an employer could be held responsible at the end of the day for someone conducting personal business on a work computer.

Good to see you got your money back though.

[Spotty]

Quote:

Originally Posted by EA2BA

The workplace has no obligation to provide internet access in the first place, so therefore it would be a use at own risk scenario. I fail to see how an employer could be held responsible at the end of the day for someone conducting personal business on a work computer.

Good to see you got your money back though.

Yes it was good, I do agree with your comment about the workplace not having an obligation etc.....but many workplaces have their staff sign IT access policies which set out terms and conditions of use etc. I know of a few businesses who have these agreements and the agreements actually say ..business IT use for reasonable personal use, e.g. internet banking is permissable. The bank also said to me ....and I have it in writing ..that for any of that banks customers who use internet banking via our business, that it is our businesses reponsibility to ensure that IT security meets the banks requirements...I kid you not!

[photn]

ive known for a long time about the Fruad and theft Via internet banking...hence why i got 2 Different accounts and my employer pays 2/3rds into one and 1/3 into another... i only ever access the 1/3 via the net and there is very little money in there.. the other one i only have a card for and go into the bank to do what ever it is that i have to do...IE pay bills or what ever esle....best of both worlds ....

[normxb]

Quote:

Originally Posted by photn

ive known for a long time about the Fruad and theft Via internet banking...hence why i got 2 Different accounts and my employer pays 2/3rds into one and 1/3 into another... i only ever access the 1/3 via the net and there is very little money in there.. the other one i only have a card for and go into the bank to do what ever it is that i have to do...IE pay bills or what ever esle....best of both worlds ....

I do a similar thing , a completely different account for the internet. If a bill is coming due , my wife deposits into this account . IF someone does get into the account the most they will get is $15 - $20 , hardly worth their while .

I feel much safer this way , plus can still pay via internet.

[photn]

Quote:

Originally Posted by normxb

I do a similar thing , a completely different account for the internet. If a bill is coming due , my wife deposits into this account . IF someone does get into the account the most they will get is $15 - $20 , hardly worth their while .

I feel much safer this way , plus can still pay via internet.

yer id just love to see a hackers face if they hacked into my account and found $2.3 in my account LOL....hehehehehe SUCKER!!!!!

[Miss_XR6]

Quote:

Originally Posted by photn

ive known for a long time about the Fruad and theft Via internet banking...hence why i got 2 Different accounts and my employer pays 2/3rds into one and 1/3 into another... i only ever access the 1/3 via the net and there is very little money in there.. the other one i only have a card for and go into the bank to do what ever it is that i have to do...IE pay bills or what ever esle....best of both worlds ....

it also depends on what industry u work in if you are allowed internet or not.

How did the virus get installed on the computer in the first place is my question.

Also does your net banking have a password that you type in, or you have to press the keys with your mouse.

[BlewThunder]

Quote:

Originally Posted by Spotty

Heres a story that will make your hair curl and rethink just how secure is internet banking?

Had a few grand taken out of my account fraudulently....the bank replaced the stolen money which is a relief but its been a stressful few weeks.

I had the latest antivirus software and XP service pack 2 installed on my work PC. The antivirus downloads updates each day and regularly auto scans my PC. Somehow an infosneak virus got into my PC....it monitors and forwards your keystrokes to a remote user....blah blah.

Apart from the fraud and the security thing what really concerns me is the process the bank take you through.
What so you would rather the bank just willy nilly handed people money everytime they rang up and said 'I think i had a few thousand taken from my account, but it wasn't me Mr Bank Manager....Honest' give me a break, then you will be complaining that you have $50 a month bank fees instead of $5. They have these processes in place in every instance of a complaint / monetary compensation/reimbursement to act as a deterrant for fraud. Yes it is a P.I.T.A. but it works so quit your whinging

Why do I have to get a police report - when it is the banks system that has been breached - if a branch is robbed in a stick up - the bank loses out calls the cops etc ......gets the report ...not me.
Because it wasn't the banks computer system that was breached, as you stated you had an infosneak virus on YOUR pc

Why do I have to assign via a stat dec the conducting of my investigation away from the police ....to the bank. This doesnt seem very independant - besides my fraud could have just as easily been committed within the bank.

Now this one....I have nothing for.....


When you sign up for internet banking the bank specifies the minimum computer security requirements you must have - where does this leave your employer or an IT contractor in terms of potential liability if the workplace internet secuirty systems fail and a fraud occurrs with an employees bank account where the employer allows staff to conduct internet banking. If the staff member is the victum of a fraud and the bank fails to cough up then the employee may have case to sue the employer or the IT contractor.


After talking to a few colleagues who work in banks there is a great deal of internet banking fraud happening out there....the banks are keeping it quiet - you can understand why.....if people lose confidence in the security of internet banking the cost to the banks to reinstate their branch structure would be horrific.

For me.....no more internet banking.......its conveiniant but the risks and the other potential complications are to great. In case you wondering 'which bank'....it wasnt 'that bank' but the whole expereince left me feeling rather 'blue'.

Internet banking is fine, just do it on a computer you don't look at porn on, or get out of the habbit of clicking on pop ups or 'warnings' that say your computer has registry problems click here to fix, and as well as firewall and anti-virus its a good idea to clean out your cookie folder every month or so, thats where the majority of the nasty embedded things go. I've been doing that for the past 3 years and never had a problem. Anyway the main thing is you got your cash back.

Cheers

Ryan

[Polyal]

Quote:

Originally Posted by BlewThunder

Internet banking is fine, just do it on a computer you don't look at porn on

Ryan

LOL..call of the week!

Ive used internet banking for ages and never had an issue. You just need to keep your antivirus and spyware apps up to date, and run them atleast everyday.

[EA2BA]

I like how the banks set a minumum securtity policy for the use of the services they provide, yet do no checks before allowing you to use the services, let alone a splash page with the current requirements, no wonder fraud is so high.

whats the saying all care but no responability.

I go through alot of trouble to keep everything up to date on our network, both patches and anti-virus and regular scans, but at the end of the day if someone gets a virus they put it there, I can't baby sit users 24/7.

[4.9 EF Futura]

Quote:

Originally Posted by EA2BA

whats the saying all care but no responability.

Some may know that i work in the field of banking regulation. I can only say that the truth could not be further away from these sentiments.

Fraud in terms of operational risk will ALWAYS be present and the banks do exceptionally well to manage it.

It's a huge issue. In a perfect world, everyone would be using secure ID tags. Indeed, i think HSBC requires this "tertiary" level of security for their internet bankers. But think what it would cost one of the majors to send a (quite expensive) ID tag to EVERY single customer.

To put it bluntly - the losses attributable to fraud will cost less than such an excercise. Why would you spend $10 million per year to prevent $5million of fraud?

As you can see - it's not a 'black and white' answer to a black and white problem.

In most cases in terms of follow up action, it is a lack of interest from the police. Think about it. What political gain is there to be had? The bank wears the cost of frauds, the police dont have any benefit to gain by helping institutions which most of the public despise.

In this case, as has been said, the flaw is in the operation of windows on your computer. As far as the bank is concerned, there was no breach. It was one of their customers that got ripped off. Im suprised you're not more grateful that they covered it.

[05MkIIFutura]

Quote:

Originally Posted by 4.9 EF Futura

It's a huge issue. In a perfect world, everyone would be using secure ID tags. Indeed, i think HSBC requires this "tertiary" level of security for their internet bankers. But think what it would cost one of the majors to send a (quite expensive) ID tag to EVERY single customer.

From Nov 11, SUNCORP will also be offering these secure ID cards as an option to customers. Once again, they seem to be at the front of the pack.

[Laminge]

Quote:

Originally Posted by 05MkIIFutura

From Nov 11, SUNCORP will also be offering these secure ID cards as an option to customers. Once again, they seem to be at the front of the pack.

Secure ID Cards for internet banking... are you sure its leading edge technology? : : :

Anyone heard of the EPOLI system, developers have managed to intergrate a payment gateway system to pre populate feilds in your Internet Banking window for ease of payments....

[strife]

[QUOTE=Laminge]Secure ID Cards for internet banking... are you sure its leading edge technology? : : :



its not westpac has used that for payment authorisation for nearly 5 or more years

[Spotty]

Quote:

Originally Posted by 4.9 EF Futura

Some may know that i work in the field of banking regulation. I can only say that the truth could not be further away from these sentiments.

Fraud in terms of operational risk will ALWAYS be present and the banks do exceptionally well to manage it.

It's a huge issue. In a perfect world, everyone would be using secure ID tags. Indeed, i think HSBC requires this "tertiary" level of security for their internet bankers. But think what it would cost one of the majors to send a (quite expensive) ID tag to EVERY single customer.

To put it bluntly - the losses attributable to fraud will cost less than such an excercise. Why would you spend $10 million per year to prevent $5million of fraud?


All of the security computer arrangements requested by the
As you can see - it's not a 'black and white' answer to a black and white problem.


In most cases in terms of follow up action, it is a lack of interest from the police. Think about it. What political gain is there to be had? The bank wears the cost of frauds, the police dont have any benefit to gain by helping institutions which most of the public despise.

In this case, as has been said, the flaw is in the operation of windows on your computer. As far as the bank is concerned, there was no breach. It was one of their customers that got ripped off. Im suprised you're not more grateful that they covered it.

Seeing I was the one who was ripped off here are some further thoughts:

I'm certainly grateful that my money was recovered. Regarding my fraud all of the computer security arrangements including current anti virus software,a 2 way firewall, spy software were in place, yet....there was still a breach. My system was not breached it was the banks. The police are interested but dont have the resources to deal with the huge volume of fraud that is occurring. I have been contacted by the cops on at least 3 occasions but it is to difficult for them to gain access the banks systems to investigate.The banks are keeping the huge numbers of frauds quiet for obvious reasons. Regarding the practice of some banks to offer keyboard style login this is no longer secure. There is now a virus that uses a keyboard emulation program to obtain your password details. I heard about this from a mate who operates an internet cafe in London.

Internet banking is useful...but I no longer trust it. There is no way my pay is now going to a bank account that is linked to internet banking. These bastards monitor your account and no when you are next going to be paid and then whammo.....2 weeks work is gone.

[BlewThunder]

Quote:

Originally Posted by Spotty

My system was not breached it was the banks.

Ok so lets say some punk breached the banks system...why on gods green earth would he steal just a measley $2000 from YOUR PERSONAL account, when he would have MILLIONS available from the banks system. Sorry dude but your story doesn't add up, you got your money back, get some facts and stop whinging.

Quote:

Originally Posted by Spotty

Regarding the practice of some banks to offer keyboard style login this is no longer secure. There is now a virus that uses a keyboard emulation program to obtain your password details. I heard about this from a mate who operates an internet cafe in London.

I'm not sure about westpac and other banks systems, but I know with ING direct and their online login it has a numeric keypad that pops up that you click on, the lay out of the keys is different every time, so this virus would have to a) decode this keypad b) work out where my mouse clicks c) put the two together. The probability of that seems off the scale....but hey it could be possible.

Quote:

Originally Posted by Spotty

These bastards monitor your account and no when you are next going to be paid and then whammo.....2 weeks work is gone.

Paranoid MUCH? If they monitor your account through a breach in your system, and you don't notice, more fool you. You will probably find a last logon time for your banking which you should always check and make sure it was a time you actually logged on...if it wasn't then id be calling the bank. If they monitor your account through a breach in the banks software, do you not think they would steal from a shitload more peoples accounts and therefore prompt an investigation by the bank as to why its losing ITS money....

Sorry to rain on you parade....but what's the saying...no point crying over spilt milk...especially when you dropped the carton....especially when the bank replaced said carton. :Up_to_som

[Spotty]

Quote:

Originally Posted by BlewThunder

Ok so lets say some punk breached the banks system...why on gods green earth would he steal just a measley $2000 from YOUR PERSONAL account, when he would have MILLIONS available from the banks system. Sorry dude but your story doesn't add up, you got your money back, get some facts and stop whinging.



I'm not sure about westpac and other banks systems, but I know with ING direct and their online login it has a numeric keypad that pops up that you click on, the lay out of the keys is different every time, so this virus would have to a) decode this keypad b) work out where my mouse clicks c) put the two together. The probability of that seems off the scale....but hey it could be possible.





Paranoid MUCH? If they monitor your account through a breach in your system, and you don't notice, more fool you. You will probably find a last logon time for your banking which you should always check and make sure it was a time you actually logged on...if it wasn't then id be calling the bank. If they monitor your account through a breach in the banks software, do you not think they would steal from a shitload more peoples accounts and therefore prompt an investigation by the bank as to why its losing ITS money....

Sorry to rain on you parade....but what's the saying...no point crying over spilt milk...especially when you dropped the carton....especially when the bank replaced said carton. :Up_to_som

Your not raining on my parade.......you've just dropped one in your own jocks.
Why are you so defensive about the lack of security of internet banking? People ARE being ripped off. The backlog of internet banking fraud cases in my bank is now 3 -5 weeks or around 500+ transactions. And why are the banks taking the financial hit by reimbursing customers the money that has been stolen? ....their very concerned and do not want the publicity. Can you answer this.....would a bank give you your money back if you took out cash via teller and were then robbed out in the street? I will answer it for you NO. The banks have to much to lose if their is a substantial drop in confidence in the security of internet banking. In answer to your comment as to why millions arent being ripped off (and I dont recall mentioning any specific amount being taken from my account- where did you dream that one up??) - the answer is quite simple there are daily withdrawl limits placed on these accounts and the fraudsters prefer to embezzle smaller amounts to minmise attention.

So dude...you say my 'story' doesnt add up?? Really? A story you claim. and .....am I really a fool for forgetting to logon on to my internet banking account at 4.16am and noticing that their had been a fraudulent withdrawl at 4.09am? and that my last login in time was 8.50pm 7 days prior.

Actually on reflection I feel sorry for you....or perhaps you work in a bank whatever, my 'story' was put out there in the public interest and its a pity you have attempted to discredit it. I have no idea why, but I wish you well with your confidence with the security of internet banking.

[jeffb]

Quote:

Originally Posted by Spotty

Regarding my fraud all of the computer security arrangements including current anti virus software,a 2 way firewall, spy software were in place, yet....there was still a breach. My system was not breached it was the banks.

Sorry dude, I work in the financial sector, you cant just break down the banks gate and help youself, your system was comprimised not the banks. if you were using quality spyware and antivirus tools along with a firewall this would not have happened.

[Spotty]

Quote:

Originally Posted by jeffb

Sorry dude, I work in the financial sector, you cant just break down the banks gate and help youself, your system was comprimised not the banks. if you were using quality spyware and antivirus tools along with a firewall this would not have happened.

My PC (which by the way did have spyware, latest symantec anti vrius and a 2 way firewall + Xp with service pack 2 installed) was the most certainly the access point to the 'banks system'. When I talk about the 'banks system' I am not referring to the banks databases. By system I mean the 'whole business system' which when looked at holistically in an internet banking context encompasses the interconnectiveness of banks internet banking policies, my PC and their database. One would think that the level of security referred to above would be sufficient....but it seems not.

[Laminge]

Quote:

Originally Posted by Spotty

My system was not breached it was the banks. .....

No, the banks system was not breached, once you come to accept this, you will realise the flaws at your end.

No internet banking system has been breached.

I have over 21years experience in this industry.

As it is your right to run around the room with this theory being waived madly at others, so is mine to dispute it with a tad little more experience.

Your answer of NO to the ATM in the street is also of interest, but I am afraid the answer is not so straight forward as a NO.

I have seen enough people go through the justice system who would also disagree.

[HLC]

i can check my accounts on the net. but cannont transfer money or something?

i dont really know. my parents set it up. but no hassles here.

[strife]

Quote:

Originally Posted by EA2BA

I like how the banks set a minumum securtity policy for the use of the services they provide, yet do no checks before allowing you to use the services, let alone a splash page with the current requirements, no wonder fraud is so high.

whats the saying all care but no responability.

I go through alot of trouble to keep everything up to date on our network, both patches and anti-virus and regular scans, but at the end of the day if someone gets a virus they put it there, I can't baby sit users 24/7.

that would be the business v there it security folk...business win all the time

[jeffb]

Quote:

Originally Posted by Spotty

Why do I have to get a police report - when it is the banks system that has been breached - if a branch is robbed in a stick up - the bank loses out calls the cops etc ......gets the report ...not me.

the banks system was not breached, yours was, which enabled someone else to log on as if they were you. to use your analogy above it would be like someone walking into a branch and forging your signature to withdraw money from your account, you cant blame the bank for that.

As long as you take precautionary measures to keep you PC security up to date, the chances of running into this kind of trouble is very very low.

another way these people get your credentials is with those fake emails asking people to verify their credentials, then they basically do the same thing.

[niko]

that's why westpac's logon system is perfect... push button system (on screen keyboard)

[Laminge]

Quote:

Originally Posted by niko

that's why westpac's logon system is perfect... push button system (on screen keyboard)

Agree

There is no back door into the banks system, just your pc.

[luke]

When I used to use Internet banking, I would only access it on my Linux machine at home, as I never trust Windows.

However if you really feel the need to use Windows,

ALWAYS use Windows update. If you pirated your copy of Windows, you won't be able to use it, because they verify that your copy is genuine before allowing access. Believe me, it's well worth paying for a copy to keep Windows up to date.

Don't even think about going on the net unless you have SP2

Always have an antivirus program running. I use AVG as it's free and is updated almost daily.

Probably a good idea to use a different firewall besides the Windows one.

[photn]

Quote:

Originally Posted by luke

When I used to use Internet banking, I would only access it on my Linux machine at home, as I never trust Windows.

However if you really feel the need to use Windows,

ALWAYS use Windows update. If you pirated your copy of Windows, you won't be able to use it, because they verify that your copy is genuine before allowing access. Believe me, it's well worth paying for a copy to keep Windows up to date.

Don't even think about going on the net unless you have SP2

Always have an antivirus program running. I use AVG as it's free and is updated almost daily.

Probably a good idea to use a different firewall besides the Windows one.

LINUX POWAH YEAH!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[sgt_doofey]

Used internet banking now for probably in excess of 5 years. Never once have I had a problem. As everyone has said, it is a matter of being dilligent with your computer security at home.

Another measure you can use at home is to not use Internet Explorer whilst browsing the internet. This also helps reduce the means of virii being installed on to your PC.

[Homer1]

Quote:

Originally Posted by niko

that's why westpac's logon system is perfect... push button system (on screen keyboard)

HSBC have a random PIN code where they issue you a small keyring thing and you press the button to get the code for that particular date and time. This is after you have entered your personal acc no. and PIN