Thursday, 16 June 2016

"Cat and Mouse" Tactics!

The wonderful world of electronics that connects our mobile phones and computers to the Internet has delivered the convenience of paying bills without the need to stand in queues or do anything other than tap a few keys or click a mouse. Unfortunately, with convenience comes risk!

It has long been a constant battle between the banks and the merchants on the one hand, trying to devise systems safe from fraud, and an equally brilliant criminal fraternity on the other, devising ways to make money by circumventing those security measures.

It seemed that financial institutions had the upper hand when a new strategy was introduced that promised to spot intrusions and check them out before any money was lost. It worked by evaluating the customer's prior banking history and accepting payments to payees who were regular recipients.

Whenever a new recipient was signalled for a payment, that payment was held in suspense while an automatic text message was sent to the customer's phone. It contained a random four-digit code and required the customer to authorise the amount to be paid to that named account by entering the correct four-digit code with the bank awaiting that clearance.

This safety measure was obvious. If an external source had penetrated the customer's security, the unauthorised transaction brought to the customer's notice would be quickly unmasked - and no money would change hands. It was very effective - until the bandits changed tactics!

Clever malware allows intruders to take over the victim's mobile phone and change the phone number registered with the financial institution. Very quickly bogus payments are made - and when the bank tries to check the authenticity of the transaction, the message now goes directly to the bandit.

There is an obvious need to quickly clear the funds gained, and a clever ruse has been inflicted on many overseas students studying in Australia. They are approached and offered an incentive to open a bank account and sign an authority giving the bandit access to it. It is to this account that the illicit payments are directed, and they are immediately whisked away to another account in a distant foreign country - probably to an account which is regularly cleared and then abandoned.

The key to this type of fraud is success in accessing the victim's personal information, and the necessary software is easily accessible to those with the knowledge of how to use it. It seems that the implanted chip, which allows tapping a card against a terminal rather than entering a PIN, increases the risk, and "card reading" methods can even access the card details while the card is safely encased in the victim's wallet or purse.

Students who allow their bank accounts to be used for this purpose risk being legally responsible for the missing money, and so far the losses have run to more than six million dollars. We need to enhance the care we take of those plastic cards and be particularly careful not to download material from unknown sources. The design of malware is ever innovative.

The problem is that the electronic world is constantly improving the convenience it offers and we demand simplicity - and with that comes risk!
