it_bkg_2010_07

Upload: vamsi3431

Post on 09-Apr-2018


  • 8/8/2019 IT_BKG_2010_07

    1/14


RISKS AND FRAUDS IN ONLINE BANKING

Project Report

12/2/2010

D. Vamsi Krishna (109)
P. Pavan Kumar (114)


INTRODUCTION

Internet banking is now a mass-market product that increasing numbers of bank customers demand as an essential service. More and more people rely on the convenience and ease of use of Internet banking in their daily lives, and the quality of a bank's Internet banking service increasingly affects the overall satisfaction and loyalty of its customers. The growing availability and popularity of Internet banking has also created the biggest challenge to its continued viability and growth: fraudsters are attracted by the huge potential for online theft and pose increasingly sophisticated and effective threats to the security of customer transactions carried out over the Internet.

Online banking continues to present challenges to financial security and personal privacy. Millions of people have had their checking accounts compromised, mainly as a result of online banking. If we are going to use online banking to conduct financial transactions, we should be aware of the risks and take precautions to minimize them.

Financial fraud has many faces. Whether it involves swindling, debit or credit card fraud, real estate fraud, drug trafficking, identity theft, deceptive telemarketing, or money laundering, the goal of cybercriminals is to make as much money as possible within a short time and to do so inconspicuously.

The growing popularity of Electronic Funds Transfers (EFTs) may soon make paper bills obsolete, as more individuals discover each day the ease of accessing their bank accounts and transferring money electronically. EFT services are quickly becoming one of the fastest growing segments of the financial services industry in the US and abroad. However, with this trend, an increasing number of frauds involving money laundering and identity theft in EFTs continue to emerge. While affording convenience, EFTs put the customer at risk of serious security problems. In the US alone, an estimated $500 billion is electronically transferred among financial institutions daily, providing criminals and financial terrorists vast opportunities to intercept funds. To further complicate the problem, evidence suggests that credit risk and fraud are of even more concern during weak economic periods, when bankruptcies and business failures are more prevalent.

Therefore, it is imperative that financial institutions be fully aware of the dangers EFTs pose and the steps they must take to maintain the security of their funds, as well as the funds of their customers. To protect their customers against fraud, financial institutions must be proactive in training their staff to identify the risks associated with EFTs.


ELECTRONIC FUNDS TRANSFER (EFT)

An EFT is the electronic exchange or transfer of money from one account to another, either within the same financial institution or across multiple institutions. In modern society, many of our banking activities are performed electronically. Whether a customer is withdrawing money from an ATM, using a credit card at a gas station, paying bills or buying products online, or transferring money from one account to another through a financial institution's website, an EFT is being performed. EFTs can even be performed from a cell phone or Personal Digital Assistant (PDA). There are often many steps involved. In the US, for example, before an EFT can be posted as either a debit or a credit, it must first pass through an Automated Clearing House (ACH), a system of the US Federal Reserve Bank that provides EFTs between banks.

ATTACKS THAT TARGET ONLINE BANKING

Several types of electronic fraud specifically target online banking. Some of the more popular types are:

Phishing attacks

Phishing attacks use fake email messages from an agency or individual pretending to represent your bank or financial institution. The email asks you to provide sensitive information (name, password, account number, and so forth) and provides links to a counterfeit web site. If you follow the link and provide the requested information, intruders can access your personal account information and finances and make financial transactions from your account.

In some cases, pop-up windows can appear in front of a copy of a genuine bank web site. The real web site address is displayed; however, any information you type into the pop-up goes to unauthorized users. In a similar scheme, called vishing, a person calls you and pretends to be a bank representative seeking to verify account information. The box below shows an example of a phishing attack which I got in my mail. It is about an International Lottery for which my e-mail was selected, and to claim this lottery I need to send my details of



Online result from our office (BNL)    Sunday, September 30, 2007 7:47 PM
From: "Mrs. Tracy Kelly"


To: Undisclosed-recipients

British National Lottery
P O Box 1010
Liverpool, L70 1NL
UNITED KINGDOM

Dear Sir/Madam,

We are pleased to inform you of the result of the Winners in our British International Lottery Program held on the 28th of September 2007. Your e-mail address attached to ticket number 564 75600545-188 with serial number 5388/02 drew lucky numbers 7-14-18-31-45, which consequently won in the 2ND category, you have therefore been approved for a lump sum pay out of 100,000 (One hundred thousand pounds sterling).

Due to mix up of some numbers and names, we ask that you keep your winning information confidential until your claims have been fully processed and your money remitted to you. This is part of our security protocol to avoid multiple claims and unwarranted abuse of this program by some participants. All participants were selected through a computer ballot system drawn from over 20,000 company and 30,000,000 individual email addresses and names from all over the world. This promotional program takes place every five years.

To begin your claims process therefore, you are advised to expeditiously contact our Director of finance for the processing of your winning and remittance to your designated bank account after all statutory obligations have been satisfactorily dispensed with.

To file for your claim, please contact our fiduciary agent:

Mr. Paul Walters (BRITISH NATIONAL LOTTERY)
32 Palmstraat, Liverpool, L70 1NL London.


E-Mail: [email protected]

Our winners are assured of the utmost standards of confidentiality, and press anonymity until the end of proceedings, and beyond where they so desire. Be further advised to maintain the strictest level of confidentiality until the end of proceedings to circumvent problems associated with fraudulent claims. This is part of our precautionary measure to avoid double claiming and unwarranted abuse of this program.

For Claims, We require you to fill in this form and return it to your claims agent immediately.

Name(In Full):___________________________
Age:__________________________________
Sex:__________________________________
Phone Number (Home):___________________Mobile:________________________________
Office Number:__________________________
Country:_______________________________
Present Occupation:_____________________
Scanned Copy Of Identity:________________
Ref. Number: _____________BTL/491OXI/04
Batch Number:_________ 12/25/0304
Ticket Number:_________ 564 75600545-188
Serial Number:_________ 5388/02
Bank A/C No. : _________________________

Please note in order to avoid unnecessary delays and complications, remember to quote your reference number and batch numbers in all correspondence.

Yours faithfully,
Mrs. Tracy Kelly
Zonal Co-ordinator.
British Lottery International (co-coordinator)
BRITISH LOTTERY INTERNATIONAL
COPYRIGHT 2007 ALL RIGHT RESERVED.
Open 7 days 8am-11pm

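The lottery message above carries most of the tell-tale signs of a phishing mail at once: bulk addressing, a generic salutation, an unsolicited prize, a demand for secrecy and urgency, and a form asking for a bank account number and identity document. The following Python is an added example, not part of the report: a small rule-based scorer run over a constructed, shortened copy of that message and over a constructed benign bank notice. The indicator rules, their weights, the threshold and the free-mail domain list are the author's own assumptions, not those of any mail product.

```python
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Constructed sample, modelled on the lottery mail quoted in the report.
SAMPLE_MAIL = """\
From: "Mrs. Tracy Kelly" <tracy.kelly@freemail.example>
To: Undisclosed-recipients:;
Subject: Online result from our office (BNL)

Dear Sir/Madam,

We are pleased to inform you of the result of the Winners in our
British International Lottery Program. Your e-mail address drew lucky
numbers and won a lump sum pay out of 100,000 pounds sterling.
We ask that you keep your winning information confidential until your
claims have been fully processed. To begin your claims process you are
advised to expeditiously contact our fiduciary agent, Mr. Paul Walters.

Name(In Full):______  Phone Number:______  Bank A/C No.:______
Scanned Copy Of Identity:______
"""

# Constructed benign notice for contrast: personal salutation, bank's own domain.
BENIGN_MAIL = """\
From: alerts@nicebank.example
To: ravi@example.org
Subject: Your monthly statement is ready

Dear Ravi,

Your monthly statement is now available in online banking. Log in as
usual; we will never ask for your credentials by e-mail.
"""

# Free-mail domains a real lottery operator would not send from (constructed).
FREEMAIL_DOMAINS = {"freemail.example", "webmail.example"}

# (indicator name, weight, regex matched against the lower-cased body)
BODY_RULES = [
    ("generic_salutation", 1, r"dear (sir/madam|customer|winner|user)"),
    ("unsolicited_prize", 2, r"\b(lottery|lump sum|pay ?out|won|winner)\b"),
    ("asks_for_financial_data", 3,
     r"(bank a/c|account number|password|\bpin\b|identity)"),
    ("secrecy_demand", 1, r"\bconfidential"),
    ("urgency", 1, r"\b(expeditiously|immediately|urgent)\b"),
]


def sender_domain(msg: Message) -> str:
    """Domain part of the From address, or '' if there is none."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def score_message(raw: str) -> tuple[int, list[str]]:
    """Parse a raw RFC 822 message and return (score, fired indicators)."""
    msg = message_from_string(raw)
    payload = msg.get_payload()
    if isinstance(payload, list):          # multipart: look at the first part only
        payload = payload[0].get_payload()
    body = str(payload).lower()
    score, hits = 0, []
    if "undisclosed-recipients" in msg.get("To", "").lower():
        hits.append("bulk_undisclosed_recipients")
        score += 2
    if sender_domain(msg) in FREEMAIL_DOMAINS:
        hits.append("org_claim_from_freemail")
        score += 2
    for name, weight, pattern in BODY_RULES:
        if re.search(pattern, body):
            hits.append(name)
            score += weight
    return score, hits


def is_likely_phishing(raw: str, threshold: int = 5) -> bool:
    """Verdict a mail filter would act on: score at or above the threshold."""
    return score_message(raw)[0] >= threshold


if __name__ == "__main__":
    for label, mail in (("lottery", SAMPLE_MAIL), ("statement", BENIGN_MAIL)):
        print(label, score_message(mail), is_likely_phishing(mail))
```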

Malware

Malware is the term for maliciously crafted software code. Special computer programs now exist that enable intruders to fool you into believing that traditional security is protecting you during online banking transactions. Attacks involving malware are a factor in online financial crime. In fact, this type of malicious software can perform the following operations:

Account information theft - Malware can capture the keystrokes of your login information. It can also monitor and capture other data you use to authenticate your identity (for example, special images that you selected or magic words you chose).

Fake web site substitution - Malware can generate web pages that appear to be legitimate but are not. They replace your bank's legitimate web site with a page that can look identical, except that the web address will vary in some way. Such a man-in-the-middle attack site enables an attacker to intercept your user information. The attacker adds additional fields to the copy of the web page opened in your browser. When you submit the information, it is sent to both the bank and the malicious attacker without your knowledge.

Account hijacking - Malware can hijack your browser and transfer funds without your knowledge. When you attempt to log in at a bank web site, the software launches a hidden browser window on your computer, logs in to your bank, reads your account balance, and creates a secret fund transfer to an intruder-owned account.


Pharming

Pharming attacks involve the installation of malicious code on your computer; however, they can take place without any conscious action on your part. In one type of pharming attack you open an email, or an email attachment, that installs malicious code on your computer. Later, you go to a fake web site that closely resembles your bank or financial institution. Any information you provide during a visit to the fake site is made available to malicious users.

All the attack types listed above share one characteristic: they are created using technology but, in order to succeed, they need you to provide information.

In phishing attacks, you must provide the information or visit links.

With malware, you must be tricked into performing actions you would not normally do. You would have to install the malware on your computer, either by running a program such as an email attachment or by visiting a web site through an email or instant message link. Then you would have to submit your bank login information. Your financial information would be at risk only after all these steps.

With pharming attacks, you must open an email, or an email attachment, to become vulnerable. You then visit a fake website and, without your knowledge, provide information that compromises your financial identity.

Working of Pharming

1. The attacker targets the DNS service used by the customer. This server can be a DNS server on the LAN or the DNS server hosted by an ISP for all its users. The attacker, using various techniques, manages to change the IP address of www.nicebank.com to the IP address of a web server which contains a fake replica of nicebank.com.


2. The user wants to go to the website www.nicebank.com and types the address in the web browser.

3. The user's computer queries the DNS server for the IP address of www.nicebank.com.

4. Since the DNS server has already been poisoned by the attacker, it returns the IP address of the fake website to the user's computer.

5. The user's computer is tricked into thinking that the poisoned reply is the correct IP address of the website. The user has now been fooled into visiting the fake website controlled by the attacker rather than the original www.nicebank.com website.
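A defender-side check that follows from steps 3 to 5: if the configured resolver's answer for www.nicebank.com differs from what independent resolvers return, or falls outside the addresses the bank publishes, the client should refuse to proceed rather than trust the single poisoned reply. The Python below is an added example, not from the report; the resolver answers, the pinned network for www.nicebank.com and the bogon list are constructed from documentation (TEST-NET) addresses, and a real tool would obtain the answers by querying the resolvers.

```python
import ipaddress
from collections import Counter

# Address range www.nicebank.com is published to use (assumed, constructed).
PINNED_NETWORKS = {"www.nicebank.com": ["198.51.100.0/24"]}

# Ranges that must never be the answer for a public banking site (RFC 1918,
# loopback, link-local). Listed explicitly because Python's is_private also
# covers the documentation ranges used in this constructed sample.
BOGON_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed answers: the user's own resolver has been poisoned (step 4) and
# points at the attacker's replica; three independent resolvers do not.
LOCAL_ANSWER = {"203.0.113.7"}
REFERENCE_ANSWERS = {
    "resolver-a": {"198.51.100.10"},
    "resolver-b": {"198.51.100.10", "198.51.100.11"},
    "resolver-c": {"198.51.100.10"},
}


def majority_answer(reference: dict[str, set[str]]) -> set[str]:
    """Addresses returned by more than half of the reference resolvers."""
    counts = Counter(ip for ips in reference.values() for ip in ips)
    quorum = len(reference) // 2 + 1
    return {ip for ip, n in counts.items() if n >= quorum}


def check_resolution(name: str, local: set[str],
                     reference: dict[str, set[str]]) -> list[str]:
    """Reasons the local answer for `name` looks poisoned; [] means consistent."""
    reasons: list[str] = []
    pinned = [ipaddress.ip_network(n) for n in PINNED_NETWORKS.get(name, [])]
    for ip_str in sorted(local):
        ip = ipaddress.ip_address(ip_str)
        if any(ip in net for net in BOGON_NETWORKS):
            reasons.append(f"non_routable:{ip_str}")
        if pinned and not any(ip in net for net in pinned):
            reasons.append(f"outside_published_range:{ip_str}")
    trusted = majority_answer(reference)
    if trusted and local.isdisjoint(trusted):
        reasons.append("disagrees_with_reference_resolvers")
    return reasons


if __name__ == "__main__":
    print(check_resolution("www.nicebank.com", LOCAL_ANSWER, REFERENCE_ANSWERS))
```

DNSSEC validation on the resolver and the TLS certificate check in the browser close the same gap without a second opinion; the cross-check above is a cheap detection layer for clients that have neither.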

INDIAN SCENARIO OF BANKING FRAUDS

CERT-In is a functional organisation of the Department of Information Technology, Ministry of Communications and Information Technology, Government of India, with the objective of securing Indian cyber space. CERT-In provides Incident Prevention and Response services as well as Security Quality Management Services.

In the Information Technology (Amendment) Act 2008, CERT-In has been designated to serve as the national agency to perform the following functions in the area of cyber security:

Collection, analysis and dissemination of information on cyber incidents
Forecasts and alerts of cyber security incidents
Emergency measures for handling cyber security incidents
Coordination of cyber incident response activities
Issuing guidelines, advisories, vulnerability notes and whitepapers relating to information security practices, procedures, prevention, response and reporting of cyber incidents
Such other functions relating to cyber security as may be prescribed

Incident Handling Reports

Computer Security Incidents handled by CERT-In during 2009

In the year 2009, CERT-In handled more than 8000 incidents. The types of incidents handled were mostly phishing, malicious code, website compromise and propagation of malware, and network scanning and probing.


The year-wise summary of the various types of incidents handled is given below:

[Figure: Incident Statistics]

Various types of incidents handled by CERT-In are given below:

[Figure: Various types of incidents handled by CERT-In]

Tracking of Indian Website Defacements

CERT-In has been tracking the defacements of Indian websites and suggesting suitable measures to the concerned organizations for hardening their web servers. In all, 6023 defacements have been tracked. Most of the defacements were of websites under the .in domain: in total, 3042 .in domain websites were defaced.


[Figure: Indian websites defaced during 2009 (top level domains)]

Symantec Report

In a recent report, the top security vendor Symantec studied this underground economy and listed the top selling and advertised products. The report has some very interesting observations, and it is surprising to learn that sensitive data like credit card information is available for as little as $0.85.

The underground economy is an evolving and self-sustaining black market where underground economy servers, or black market forums, are used for the promotion and trade of stolen information and services. This information can include government-issued identification numbers such as Social Security numbers (SSNs), credit card numbers, debit card information, user accounts, email address lists, and bank accounts.

Following are the top selling products and services in the malware infection economy.

[Figure: malware infection economy, http://webtoolsandtips.com/wp-content/uploads/2010/05/malware-infection-economy.png]

Bank account credentials: may consist of name, bank account number (including transit and branch number), address, and phone number. Online banking logins and passwords are often sold as a separate item.

Cash out: a withdrawal service where purchases are converted into real currency. This can be in the form of online currency accounts or money transfer systems; typically, the requester is charged a percentage of the cash-out value as a fee.


Credit card information: includes the credit card number and expiry date. It may also contain the cardholder name, Credit Verification Value 2 (CVV2) number, PIN, billing address, phone number, and company name (for a corporate card). CVV2 is a three- or four-digit number on the credit card used for card-not-present transactions such as Internet or phone purchases. It was created to add an extra layer of security for credit cards and to verify that the person completing the transaction was in fact in possession of the card.

Email accounts: include the user ID, email address and password. In addition, the account may contain personal information such as addresses, other account information, and the email addresses in the contact list.

Email addresses: lists of email addresses used for spam or phishing activities. The addresses can be harvested from hacked databases, public sites on the Internet, or stolen email accounts. The lists sold range in size from 1 MB to 150 MB.

Full identities: may consist of name, address, date of birth, phone number, and government-issued number. It may also include extras such as driver's license number, mother's maiden name, email address, or secret questions/answers for password recovery.

Mailers: an application used to send out mass emails (spam) for phishing attacks. Examples of this are worms and viruses.

Proxies: proxy services provide access to a software agent, often a firewall mechanism, which performs a function or operation on behalf of another application or system while hiding the details involved, allowing attackers to obscure their path and make tracing back to the source difficult or impossible. This can involve sending email from the proxy, or connecting to the proxy and then out to an underground IRC server to sell credit cards or other stolen goods.

Shell scripts: used to perform operations such as file manipulation and program execution. They can also be used as a command line interface for various operating systems.


Tips for Safe Online Banking

When it comes to online banking, there is no way to absolutely guarantee your safety. However, good practices do exist that can reduce the risks posed to your online accounts. The following sections describe these practices.

Review your bank's information about its online privacy policies and practices

By law, banks are required to send a copy of their privacy policies and practices annually; bank web sites should also have this information. As you read it, pay particular attention to any mention of the methods used for encrypting transactions and authenticating user information. Also check whether the bank requires additional security information before authorizing a payment to a business or individual that has never received a payment before.

Before setting up any online bill payment, check the privacy policy of the company or service you will be sending payment to.

You have the right to limit the information an online bank shares with both its parent organization and any other financial institutions. Be aware that some online banks may have separate procedures for handling each of these requests. You may also want to use a service such as the Better Business Bureau to view any existing history of outstanding consumer complaints about privacy violations.

For security purposes, choose an online personal identification number (PIN) that is unique and hard to guess

Be sure to change your PIN regularly. Do not choose a PIN that contains personal information such as your birthday or Social Security number; an attacker might be able to guess these. Regardless of the circumstances, never give anyone access to your current PIN.
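The PIN advice above can be enforced at the point where a customer chooses a PIN. The Python below is an added example, not from the report: it rejects PINs that are on a common-PIN list, repeat or run sequentially, embed the customer's date of birth or a four-digit window of their Social Security number, or reuse a previous PIN. The rules are the author's own reading of that advice, and the common-PIN list is a constructed, deliberately short sample.

```python
from __future__ import annotations
from datetime import date

# Constructed sample of PINs that appear on public "most common PIN" lists.
COMMON_PINS = {"0000", "1111", "1234", "1212", "2580", "4321", "9999"}


def birthday_fragments(birthday_iso: str) -> set[str]:
    """Digit strings a guesser who knows the date of birth would try first."""
    b = date.fromisoformat(birthday_iso)
    d, m, y = f"{b.day:02d}", f"{b.month:02d}", f"{b.year:04d}"
    return {d + m, m + d, y, d + m + y[2:], m + d + y[2:], y[2:] + m + d}


def is_sequential(pin: str) -> bool:
    """True for runs such as 1234 or 8765 (constant step of +1 or -1)."""
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {-1})


def weak_pin_reasons(pin: str, birthday_iso: str | None = None,
                     ssn: str | None = None,
                     previous_pins: frozenset[str] = frozenset()) -> list[str]:
    """Return every rule the PIN violates; an empty list means it passed."""
    if not pin.isdigit() or len(pin) < 4:
        return ["not_4_plus_digits"]
    reasons: list[str] = []
    if pin in COMMON_PINS:
        reasons.append("common_pin")
    if len(set(pin)) == 1:
        reasons.append("repeated_digit")
    if is_sequential(pin):
        reasons.append("sequential_digits")
    if birthday_iso and any(f in pin for f in birthday_fragments(birthday_iso)):
        reasons.append("contains_birthday")
    if ssn:
        digits = "".join(ch for ch in ssn if ch.isdigit())
        # any 4-digit window of the SSN (including the often-quoted last four)
        windows = {digits[i:i + 4] for i in range(len(digits) - 3)}
        if any(w in pin for w in windows):
            reasons.append("contains_ssn_digits")
    if pin in previous_pins:
        reasons.append("reused_pin")
    return reasons


if __name__ == "__main__":
    # Constructed customer data; the SSN is a placeholder, not a real number.
    for candidate in ("1990", "0514", "1234", "6789", "7392"):
        print(candidate, weak_pin_reasons(candidate, "1990-05-14", "123-45-6789"))
```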

Install anti-virus, firewall, and anti-spyware programs on your computer and keep them up to date

Installing and updating this software protects your computer and its contents against unauthorized access. Turn on automatic updates for these programs or, if prompted, always agree to download system updates as soon as they are available.

Regularly check your online account balance for unauthorized activity

Timing is a factor in your response to unauthorized electronic fund transactions. If you receive a paper statement of your account balance, make sure that you reconcile it with your online balance.


Use a credit card to pay for online goods and services

Credit cards usually have stronger protection against personal liability than debit cards. Some credit cards limit personal liability for unauthorized transactions to $50. Personal liability for debit cards can be higher. According to the Federal Reserve's Regulation E, if you report an electronic fund transaction problem involving a debit card to a bank or financial institution within the first two days, you are liable for only $50. Reporting the same incident between 3 and 60 days increases your personal liability to $500. After 60 days, there are no limits on your personal liability.

Avoid situations where personal information can be intercepted, retrieved, or viewed by unauthorized individuals

Conduct online bank transactions in locations that are not subject to public monitoring. When entering login information, avoid unsecured or public network connections (for example, at a coffee shop or library). As a general rule, avoid any computer that other people can freely access; the end result could be unauthorized access to your financial information. Remember, it is possible for your account information to be stored in the web browser's temporary memory.

If you receive email correspondence about a financial account, verify its authenticity by contacting your bank or financial institution

Do not reply to any email requests for security information, warnings of an account suspension, opportunities to make easy money, overseas requests for financial assistance, and so forth. Also, do not click links found in these suspicious emails. Forward a copy of the suspicious email to the Federal Trade Commission at [email protected] and then delete the email from your mailbox.

If you have disclosed financial information to a fraudulent web site, file reports with the following organizations:

your bank
the local police
the Federal Trade Commission (http://www.ftc.gov)
the Internet Crime Complaint Center (http://www.ic3.gov)
the three major credit bureaus: Equifax, Experian, and TransUnion


Cyber Threats Expected in the Future

The cyber threats that businesses and consumers should expect as consequences of online banking are devastating in nature. Increased mobile device processing power will mean more opportunity for malware to run on these devices; as their numbers and use increase, they become a viable target for attackers. Social networking threats will continue to be a persuasive force and will continue to be exploited as a means of running confidence tricks. E-mail spam is going to remain in excess of 90% of all email. Botnets will continue to be a major threat and a major source of spam.

Conclusion

Online banking involves certain risks. It is important to educate yourself about these risks, how unauthorized access to your financial information occurs, and the steps you can take to protect your financial information. Learning about your rights and responsibilities as an online banking consumer can make a difference to your financial well-being by changing the age-old saying "A penny saved is a penny earned" to "A penny saved is a penny kept."