Online bank frauds—in which hackers use employees’ bank passwords to transfer funds out of a company’s accounts—don’t seem to be letting up. In fact, criminals keep coming up with new variations on the frauds.
“We’re just in a constant cat and mouse game,” said George Tubin, senior security strategist at security software firm Trusteer, a unit of IBM. “The banking industry has gotten better in general at improving their defenses, and the criminals have also gotten better at improving their attack methods.”
Online bank fraud, which is most often aimed at small and midsize companies, is particularly devastating because corporate bank accounts don’t have the same protection under the law as consumer accounts. The company whose account has been raided may end up eating the loss.
Some organizations that have lost money via such frauds have sued their banks, but the results of those lawsuits have been mixed. In 2011, a court ordered Comerica Bank to repay Experi-Metal $561,000 that fraudsters had wired out of the company’s account.