Internet Banking Warning

[Spotty]

Heres a story that will make your hair curl and rethink just how secure is internet banking?

Had a few grand taken out of my account fraudulently....the bank replaced the stolen money which is a relief but its been a stressful few weeks.

I had the latest antivirus software and XP service pack 2 installed on my work PC. The antivirus downloads updates each day and regularly auto scans my PC. Somehow an infosneak virus got into my PC....it monitors and forwards your keystrokes to a remote user....blah blah.

Apart from the fraud and the security thing what really concerns me is the process the bank take you through.

Why do I have to get a police report - when it is the banks system that has been breached - if a branch is robbed in a stick up - the bank loses out calls the cops etc ......gets the report ...not me.

Why do I have to assign via a stat dec the conducting of my investigation away from the police ....to the bank. This doesnt seem very independant - besides my fraud could have just as easily been committed within the bank.

When you sign up for internet banking the bank specifies the minimum computer security requirements you must have - where does this leave your employer or an IT contractor in terms of potential liability if the workplace internet secuirty systems fail and a fraud occurrs with an employees bank account where the employer allows staff to conduct internet banking. If the staff member is the victum of a fraud and the bank fails to cough up then the employee may have case to sue the employer or the IT contractor.

After talking to a few colleagues who work in banks there is a great deal of internet banking fraud happening out there....the banks are keeping it quiet - you can understand why.....if people lose confidence in the security of internet banking the cost to the banks to reinstate their branch structure would be horrific.

For me.....no more internet banking.......its conveiniant but the risks and the other potential complications are to great. In case you wondering 'which bank'....it wasnt 'that bank' but the whole expereince left me feeling rather 'blue'.

[EA2BA]

The workplace has no obligation to provide internet access in the first place, so therefore it would be a use at own risk scenario. I fail to see how an employer could be held responsible at the end of the day for someone conducting personal business on a work computer.

Good to see you got your money back though.

[photn]

ive known for a long time about the Fruad and theft Via internet banking...hence why i got 2 Different accounts and my employer pays 2/3rds into one and 1/3 into another... i only ever access the 1/3 via the net and there is very little money in there.. the other one i only have a card for and go into the bank to do what ever it is that i have to do...IE pay bills or what ever esle....best of both worlds ....

How did the virus get installed on the computer in the first place is my question.

Also does your net banking have a password that you type in, or you have to press the keys with your mouse.

[Spotty]

Quote:

Originally Posted by EA2BA

The workplace has no obligation to provide internet access in the first place, so therefore it would be a use at own risk scenario. I fail to see how an employer could be held responsible at the end of the day for someone conducting personal business on a work computer.

Good to see you got your money back though.

Yes it was good, I do agree with your comment about the workplace not having an obligation etc.....but many workplaces have their staff sign IT access policies which set out terms and conditions of use etc. I know of a few businesses who have these agreements and the agreements actually say ..business IT use for reasonable personal use, e.g. internet banking is permissable. The bank also said to me ....and I have it in writing ..that for any of that banks customers who use internet banking via our business, that it is our businesses reponsibility to ensure that IT security meets the banks requirements...I kid you not!

[BlewThunder]

Quote:

Originally Posted by Spotty

Heres a story that will make your hair curl and rethink just how secure is internet banking?

Had a few grand taken out of my account fraudulently....the bank replaced the stolen money which is a relief but its been a stressful few weeks.

I had the latest antivirus software and XP service pack 2 installed on my work PC. The antivirus downloads updates each day and regularly auto scans my PC. Somehow an infosneak virus got into my PC....it monitors and forwards your keystrokes to a remote user....blah blah.

Apart from the fraud and the security thing what really concerns me is the process the bank take you through.
What so you would rather the bank just willy nilly handed people money everytime they rang up and said 'I think i had a few thousand taken from my account, but it wasn't me Mr Bank Manager....Honest' give me a break, then you will be complaining that you have $50 a month bank fees instead of $5. They have these processes in place in every instance of a complaint / monetary compensation/reimbursement to act as a deterrant for fraud. Yes it is a P.I.T.A. but it works so quit your whinging

Why do I have to get a police report - when it is the banks system that has been breached - if a branch is robbed in a stick up - the bank loses out calls the cops etc ......gets the report ...not me.
Because it wasn't the banks computer system that was breached, as you stated you had an infosneak virus on YOUR pc

Why do I have to assign via a stat dec the conducting of my investigation away from the police ....to the bank. This doesnt seem very independant - besides my fraud could have just as easily been committed within the bank.

Now this one....I have nothing for.....


When you sign up for internet banking the bank specifies the minimum computer security requirements you must have - where does this leave your employer or an IT contractor in terms of potential liability if the workplace internet secuirty systems fail and a fraud occurrs with an employees bank account where the employer allows staff to conduct internet banking. If the staff member is the victum of a fraud and the bank fails to cough up then the employee may have case to sue the employer or the IT contractor.


After talking to a few colleagues who work in banks there is a great deal of internet banking fraud happening out there....the banks are keeping it quiet - you can understand why.....if people lose confidence in the security of internet banking the cost to the banks to reinstate their branch structure would be horrific.

For me.....no more internet banking.......its conveiniant but the risks and the other potential complications are to great. In case you wondering 'which bank'....it wasnt 'that bank' but the whole expereince left me feeling rather 'blue'.

Internet banking is fine, just do it on a computer you don't look at porn on, or get out of the habbit of clicking on pop ups or 'warnings' that say your computer has registry problems click here to fix, and as well as firewall and anti-virus its a good idea to clean out your cookie folder every month or so, thats where the majority of the nasty embedded things go. I've been doing that for the past 3 years and never had a problem. Anyway the main thing is you got your cash back.

Cheers

Ryan

[EA2BA]

I like how the banks set a minumum securtity policy for the use of the services they provide, yet do no checks before allowing you to use the services, let alone a splash page with the current requirements, no wonder fraud is so high.

whats the saying all care but no responability.

I go through alot of trouble to keep everything up to date on our network, both patches and anti-virus and regular scans, but at the end of the day if someone gets a virus they put it there, I can't baby sit users 24/7.

[normxb]

Quote:

Originally Posted by photn

ive known for a long time about the Fruad and theft Via internet banking...hence why i got 2 Different accounts and my employer pays 2/3rds into one and 1/3 into another... i only ever access the 1/3 via the net and there is very little money in there.. the other one i only have a card for and go into the bank to do what ever it is that i have to do...IE pay bills or what ever esle....best of both worlds ....

I do a similar thing , a completely different account for the internet. If a bill is coming due , my wife deposits into this account . IF someone does get into the account the most they will get is $15 - $20 , hardly worth their while .

I feel much safer this way , plus can still pay via internet.

[photn]

Quote:

Originally Posted by normxb

I do a similar thing , a completely different account for the internet. If a bill is coming due , my wife deposits into this account . IF someone does get into the account the most they will get is $15 - $20 , hardly worth their while .

I feel much safer this way , plus can still pay via internet.

yer id just love to see a hackers face if they hacked into my account and found $2.3 in my account LOL....hehehehehe SUCKER!!!!!

[Polyal]

Quote:

Originally Posted by BlewThunder

Internet banking is fine, just do it on a computer you don't look at porn on

Ryan

LOL..call of the week!

Ive used internet banking for ages and never had an issue. You just need to keep your antivirus and spyware apps up to date, and run them atleast everyday.

[jeffb]

Quote:

Originally Posted by Spotty

Why do I have to get a police report - when it is the banks system that has been breached - if a branch is robbed in a stick up - the bank loses out calls the cops etc ......gets the report ...not me.

the banks system was not breached, yours was, which enabled someone else to log on as if they were you. to use your analogy above it would be like someone walking into a branch and forging your signature to withdraw money from your account, you cant blame the bank for that.

As long as you take precautionary measures to keep you PC security up to date, the chances of running into this kind of trouble is very very low.

another way these people get your credentials is with those fake emails asking people to verify their credentials, then they basically do the same thing.

[niko]

that's why westpac's logon system is perfect... push button system (on screen keyboard)

[Bill_R]

what Bank? A hint will do.
Westpac doesn't use keystrokes. you need to click on a keypad embedded in the web page to send your password.
Don't expect an antivirus application despite how well it is updated to catch that sort of worm. you need a much higher level of security. In your case, a two-way firewall might have alerted you to the outbound access. Many think the inbound prevention from the XP firewall is enough. I usually agree based on the fact that you need to let something "infect" the system first. but yours is an example where it wasn't. Safe practise - don't open files or email from unknown sources, don't allow untrusted controls to install etc is the best prevention.

[Laminge]

Quote:

Originally Posted by niko

that's why westpac's logon system is perfect... push button system (on screen keyboard)

Agree

There is no back door into the banks system, just your pc.

[Polyal]

Another happy westpac person here!

[luke]

When I used to use Internet banking, I would only access it on my Linux machine at home, as I never trust Windows.

However if you really feel the need to use Windows,

ALWAYS use Windows update. If you pirated your copy of Windows, you won't be able to use it, because they verify that your copy is genuine before allowing access. Believe me, it's well worth paying for a copy to keep Windows up to date.

Don't even think about going on the net unless you have SP2

Always have an antivirus program running. I use AVG as it's free and is updated almost daily.

Probably a good idea to use a different firewall besides the Windows one.

[clontarf_x]

^

What he said is spot on "_

[photn]

Quote:

Originally Posted by luke

When I used to use Internet banking, I would only access it on my Linux machine at home, as I never trust Windows.

However if you really feel the need to use Windows,

ALWAYS use Windows update. If you pirated your copy of Windows, you won't be able to use it, because they verify that your copy is genuine before allowing access. Believe me, it's well worth paying for a copy to keep Windows up to date.

Don't even think about going on the net unless you have SP2

Always have an antivirus program running. I use AVG as it's free and is updated almost daily.

Probably a good idea to use a different firewall besides the Windows one.

LINUX POWAH YEAH!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[sgt_doofey]

Used internet banking now for probably in excess of 5 years. Never once have I had a problem. As everyone has said, it is a matter of being dilligent with your computer security at home.

Another measure you can use at home is to not use Internet Explorer whilst browsing the internet. This also helps reduce the means of virii being installed on to your PC.

[Pedro]

Quote:

Originally Posted by sgt_doofey

Used internet banking now for probably in excess of 5 years. Never once have I had a problem. As everyone has said, it is a matter of being dilligent with your computer security at home.

Another measure you can use at home is to not use Internet Explorer whilst browsing the internet. This also helps reduce the means of virii being installed on to your PC.

I do a lot of internet banking. I have the latest Norton anti virus and firewall protection and have automatic daily updates from Norton and Microsoft. I use Internet Explorer to browse. Am I still at risk?

[4.9 EF Futura]

Quote:

Originally Posted by EA2BA

whats the saying all care but no responability.

Some may know that i work in the field of banking regulation. I can only say that the truth could not be further away from these sentiments.

Fraud in terms of operational risk will ALWAYS be present and the banks do exceptionally well to manage it.

It's a huge issue. In a perfect world, everyone would be using secure ID tags. Indeed, i think HSBC requires this "tertiary" level of security for their internet bankers. But think what it would cost one of the majors to send a (quite expensive) ID tag to EVERY single customer.

To put it bluntly - the losses attributable to fraud will cost less than such an excercise. Why would you spend $10 million per year to prevent $5million of fraud?

As you can see - it's not a 'black and white' answer to a black and white problem.

In most cases in terms of follow up action, it is a lack of interest from the police. Think about it. What political gain is there to be had? The bank wears the cost of frauds, the police dont have any benefit to gain by helping institutions which most of the public despise.

In this case, as has been said, the flaw is in the operation of windows on your computer. As far as the bank is concerned, there was no breach. It was one of their customers that got ripped off. Im suprised you're not more grateful that they covered it.

[EA2BA]

4.9 EF Futura my comments were more aimed at the business providing the internet not the banks.

I worked in the banking industry for a number of years, so I know how serious fraud is treated and it is always looked at very seriously.

[4.9 EF Futura]

Quote:

Originally Posted by EA2BA

4.9 EF Futura my comments were more aimed at the business providing the internet not the banks.

.

Sorry mate - my bad!

*please retract comment when reading my drivel*

[05MkIIFutura]

Quote:

Originally Posted by 4.9 EF Futura

It's a huge issue. In a perfect world, everyone would be using secure ID tags. Indeed, i think HSBC requires this "tertiary" level of security for their internet bankers. But think what it would cost one of the majors to send a (quite expensive) ID tag to EVERY single customer.

From Nov 11, SUNCORP will also be offering these secure ID cards as an option to customers. Once again, they seem to be at the front of the pack.

[Spotty]

Quote:

Originally Posted by 4.9 EF Futura

Some may know that i work in the field of banking regulation. I can only say that the truth could not be further away from these sentiments.

Fraud in terms of operational risk will ALWAYS be present and the banks do exceptionally well to manage it.

It's a huge issue. In a perfect world, everyone would be using secure ID tags. Indeed, i think HSBC requires this "tertiary" level of security for their internet bankers. But think what it would cost one of the majors to send a (quite expensive) ID tag to EVERY single customer.

To put it bluntly - the losses attributable to fraud will cost less than such an excercise. Why would you spend $10 million per year to prevent $5million of fraud?


All of the security computer arrangements requested by the
As you can see - it's not a 'black and white' answer to a black and white problem.


In most cases in terms of follow up action, it is a lack of interest from the police. Think about it. What political gain is there to be had? The bank wears the cost of frauds, the police dont have any benefit to gain by helping institutions which most of the public despise.

In this case, as has been said, the flaw is in the operation of windows on your computer. As far as the bank is concerned, there was no breach. It was one of their customers that got ripped off. Im suprised you're not more grateful that they covered it.

Seeing I was the one who was ripped off here are some further thoughts:

I'm certainly grateful that my money was recovered. Regarding my fraud all of the computer security arrangements including current anti virus software,a 2 way firewall, spy software were in place, yet....there was still a breach. My system was not breached it was the banks. The police are interested but dont have the resources to deal with the huge volume of fraud that is occurring. I have been contacted by the cops on at least 3 occasions but it is to difficult for them to gain access the banks systems to investigate.The banks are keeping the huge numbers of frauds quiet for obvious reasons. Regarding the practice of some banks to offer keyboard style login this is no longer secure. There is now a virus that uses a keyboard emulation program to obtain your password details. I heard about this from a mate who operates an internet cafe in London.

Internet banking is useful...but I no longer trust it. There is no way my pay is now going to a bank account that is linked to internet banking. These bastards monitor your account and no when you are next going to be paid and then whammo.....2 weeks work is gone.

[gozza]

Quote:

Originally Posted by Polyal

Another happy westpac person here!

have you ever used Westpac for business...ie their token system?

absolute joke

[EA2BA]

Quote:

I heard about this from a mate who operates an internet cafe in London.

Can I please have a source of this information, I can't find any proof.

I truly find it hard to belive a BANKS system was breached, it was your computer that recorded the details and sent them to a 3rd party, the 3rd party used your known creditianls to then take the money, what breach of BANK system has there been?

[BlewThunder]

Quote:

Originally Posted by Spotty

My system was not breached it was the banks.

Ok so lets say some punk breached the banks system...why on gods green earth would he steal just a measley $2000 from YOUR PERSONAL account, when he would have MILLIONS available from the banks system. Sorry dude but your story doesn't add up, you got your money back, get some facts and stop whinging.

Quote:

Originally Posted by Spotty

Regarding the practice of some banks to offer keyboard style login this is no longer secure. There is now a virus that uses a keyboard emulation program to obtain your password details. I heard about this from a mate who operates an internet cafe in London.

I'm not sure about westpac and other banks systems, but I know with ING direct and their online login it has a numeric keypad that pops up that you click on, the lay out of the keys is different every time, so this virus would have to a) decode this keypad b) work out where my mouse clicks c) put the two together. The probability of that seems off the scale....but hey it could be possible.

Quote:

Originally Posted by Spotty

These bastards monitor your account and no when you are next going to be paid and then whammo.....2 weeks work is gone.

Paranoid MUCH? If they monitor your account through a breach in your system, and you don't notice, more fool you. You will probably find a last logon time for your banking which you should always check and make sure it was a time you actually logged on...if it wasn't then id be calling the bank. If they monitor your account through a breach in the banks software, do you not think they would steal from a shitload more peoples accounts and therefore prompt an investigation by the bank as to why its losing ITS money....

Sorry to rain on you parade....but what's the saying...no point crying over spilt milk...especially when you dropped the carton....especially when the bank replaced said carton. :Up_to_som

[4.9 EF Futura]

Quote:

Originally Posted by EA2BA

I truly find it hard to belive a BANKS system was breached, it was your computer that recorded the details and sent them to a 3rd party, the 3rd party used your known creditianls to then take the money, what breach of BANK system has there been?

Exactly. From the bank's perspective, their system was working fine. Had you not reported the fraud, they would not have even known because on their "dashboard", all the "gauges" were working fine.

And this is the unique risk which arises from internet banking. The bank is allowing you to access a very secure system from a very unsecure terminal.

And also results in what may appear to be some pretty rude behaviour. They need to be confident that you were indeed ripped off - and that you're not just trying to scam them. To do any less would be a slap in the face to other depositors and also the bank's shareholders.

At the end of the day, the Banks will be forever chasing their tail - and they know this. For every measure they implement, the crooks will get around it. It's a matter of staying a step ahead of them... maybe even half a step.

[jeffb]

Quote:

Originally Posted by Spotty

Regarding my fraud all of the computer security arrangements including current anti virus software,a 2 way firewall, spy software were in place, yet....there was still a breach. My system was not breached it was the banks.

Sorry dude, I work in the financial sector, you cant just break down the banks gate and help youself, your system was comprimised not the banks. if you were using quality spyware and antivirus tools along with a firewall this would not have happened.