Friday, April 29, 2011

Online Banking Fraud - Chinese Style

By Michael Scheibach, Executive Editor

Online banking fraud continues to plague the financial industry. Earlier this week, the FBI, the Financial Services Information Sharing and Analysis Center, and the Internet Crime Complaint Center released information about unauthorized wire transfers to Chinese companies located near the Russian border occurring between March 2010 and April 2011.

According to the report, 20 incidents occurred involving online banking. The release said, "The online banking credentials of small to medium-sized U.S. businesses were compromised and used to initiate wire transfers to Chinese economic and trade companies." The total of the attempted fraud was $20 million, but the actual victim loss amounted to $11 million.

Any person using a computer within a company is susceptible to malware, a phishing email or a malicious website. And when this person initiates a funds transfer, he or she becomes a potential fraud victim.

The report reads: "When the authorized user attempts to log in to the user's bank website, the user is typically redirected to another web page stating the bank website is under maintenance or is unable to access the accounts. While the user is experiencing log-on issues, malicious actors initiate the unauthorized transfers to commercial accounts held at intermediary banks typically located in New York. Account funds are then transferred to the Chinese economic and trade bank account."

These transfers range from $50,000 to $985,000. According to the FBI, the malicious actors were most successful when wire transfers were less than $500,000. As soon as these transfers went through, the money was withdrawn immediately from or transferred out of the recipients' accounts.

In addition to large transfers, domestic ACH and wire transfers also were sent to "money mules" in the U.S. within minutes of conducting the overseas transfers. The domestic wire transfers ranged from $200 to $200,000; ACH transfers ranged from $222,500 to $1.275 million.

The bad news: The culprits of these unauthorized transfers are unknown. In fact, no one knows whether the Chinese accounts were the final destination, or whether the funds were transferred elsewhere.

So what to do? Banks need to help protect themselves and their business clients with fraud alert, detection and protection systems. And they must educate their customers about the potential of this type of fraud.

Be sure to read my article on online/mobile banking fraud in the June issue of BankNews.