The ease and speed of online business banking may be giving wayto a growing amount of fraud. This month the Federal Bureau ofInvestigation warned about “a significant increase” in onlinebanking frauds perpetrated on small and midsize businesses andlocal governments.

The FBI described a scenario in which a company's computer isinfected when an employee–usually one with the authority toinitiate funds transfers–clicks on an infected e-mail attachment orvisits an infected Website. The malware installed on the computerharvests the logons for the company's bank accounts, and the cybercriminal uses that information to initiate ACH or wire transfers.AnFBI report describing the problem estimates attempted theftstotaled about $100 million as of October.

Many small businesses aren't even aware of the threat to onlinebanking until they're hit with a loss, says Avivah Litan, ananalyst at technology research firm Gartner. And Litan notes thatunlike consumers, who have legal protection in the case of suchlosses, businesses aren't necessarily able to recover money that isstolen from their accounts.

Observers point to the increasing prowess of the fraudsters.“We've seen much more sophisticated technology-based attacks beingused to target small and medium-size businesses,” says PaulHenninger, director of financial crime solutions Actimize, whichmakes fraud detection software for banks. “They involve things likeTrojans and malware, which are used to log information as it'styped in on the customer's computer and in some cases to actuallytake over the computer itself.”

“It's gone from gamers who were just being disruptive toincredibly well-organized and well-funded businesses, and they'redoing some really sophisticated stuff,” says Joe Spatarella, vicepresident of sales and marketing at Online Banking Solutions.Phishing e-mails used to be so sloppily done that they were easy tospot, he says. “Not any more, they're beautiful. Some of them, it'shard to tell.”

Given that cyber thieves now have the ability to overcome manysecurity precautions, like multifactor authentication, what shouldcompanies do?

Spatarella suggests that a PC or laptop be designated to be usedonly for banking, and never for e-mail or browsing the Internet.“The malware is introduced when people either get e-mail or go toother Websites,” he notes. “The minute you go out there, that'swhen you're potentially introducing problems.”

Litan recommends getting a non-Windows operating system andusing it from an external drive, like a CD drive. “Don't use thebrowser on your PC to do online banking, especially if it's aMicrosoft browser,” she says. “If you use an operating system on anexternal drive that you don't typically use, and it's on aread-only disk, you're not going to get infected there.”

“The other option is to get a locked-down browser,” Litan says.“They block everything. All you can do is go to their portal andfrom there you go to the bank.”

Online Banking Solutions markets such a locked-down browser tobanks to supply to their customers. “What we're suggesting is thatbanks provide hardened browsers that work only with their systems,”says Spatarella of Online Banking Systems. “Because the securitythreats have moved to the application, it's our position thatapplication providers have to take responsibility for securingtheir own applications.”

Litan argues that some of the onus is on the banks, noting thatcompanies aren't in the security field, and says regulators shouldpush banks to spend more money on security efforts, like programsthat detect fraud. “These attacks are so surreptitious, you can'tsee them. Most of the antivirus software out there won't detectit,” she says. “Banks have a responsibility here. If it'sdangerous, at least they should warn their customers.”