There have been recent, well-publicised cases of identity theft that have resulted in the victims’ bank accounts being ravaged. This happens when criminals get access to confidential data like user names and passwords, and use them to take control of deposit accounts.
The biggest concern for banks across the world is not the threat of external attack but identity fraud. The electronic age has made every institution that has an online transacting facility more vulnerable to financial crime, which is rapidly increasing on a global scale. In the United Kingdom, for example, an estimated £800 a minute is lost to fraud.
Research by IT research company Gartner (June 2004) into financial fraud in the United States revealed that identity theft crimes such as ‘phishing”, whereby criminals use misleading e-mails and websites to dupe individuals into sharing personal data such as passwords, accounted for $2,4-billion in fraud, or an average of $1 200 per victim over a period of a year.
Banks are now doing an additional 25% of their business through electronic channels such as the Internet, cellphone and automated teller machines — opening up new and more lucrative opportunities for fraudsters.
Another area of identity fraud is where criminals use a person’s personal information to steal credit or commit other crimes. Identity is stolen by thieves who pretend to represent the bank and trick customers into giving them their details. This is called ‘social engineering”.
Bank clients can also be fooled through a process known as ‘phishing”, where syndicates create fake websites on which duped customers enter or change their bank details.
Stealing credit card information is one of the most common forms of identity theft and has especially plagued the UK, which has experienced a 30% increase, year on year, in card fraud since 1995.
However, the fastest-growing methods of stealing details and identities are e-mail ‘phishing” and Trojan horse programs. Trojans are often sent as attachments to ‘phishing” e-mails or spread independently as computer worms.
Computer users may never realise they have a Trojan on their computer, even as it spies in the background, recording keystrokes — including passwords — and e-mailing them to criminals lying in wait across the world.
All the banks have security in place to try and prevent such fraud. Standard Bank has been monitoring global trends in cyber crime for some time and continually assesses the measures it takes to defend both itself and its customers.
Herman Singh is Standard Bank’s director of architecture and technology engineering
Avoid the hook
Here are some hints on how to avoid being caught by phishing scams:
Don’t divulge your Internet banking facility details or your password to anyone.
Change your password often and don’t select obvious passwords.
Log off once you’re done transacting.
Install anti-spyware and anti-virus software and update it regularly.
Get the latest security updates.
Use the security measures offered by banks, such as one-time passwords.
Don’t bank at Internet cafés.
Never respond to e-mails requesting your banking information, no matter how authentic they may seem.
Call your bank immediately if you’re unsure about any security issue.