The August 12 NACHA Risk Management alert says, "Financial institutions' business customers are being attacked by malicious software in which perpetrators are attempting to obtain valid online banking credentials. ...Once a business' credentials are stolen, the perpetrator has online access to the business' account and any funds transfer capabilities associated with the credentials."
"The fact that NACHA has put out an alert to me confirms what we're seeing behind the scenes," said Praed in a separate phone interview.
Next month, NACHA plans to conduct a teleseminar about keylogging cybercrime that acknowledges the problem thus: "Corporate accounts have also been the target of fraudsters using malware to pose as legitimate users to originate wire transfers and ACH batches. The process of recovering losses incurred by the customer or financial institution after an attack can be lengthy and inundated with problems."
That may be an understatement. "I am not aware of a single commercial customer that has been reimbursed by its bank," said Praed, who estimated there have been thousands of corporate victims over the past six months to a year, with losses averaging six figures.
"Overnight, $150,000 gets transferred out and they do that every other day until the money is gone," he said, describing a typical pilfering pattern.
"The problem that we're seeing is of such an order of magnitude and is so damaging that I don't see how any system with this kind of problem can survive unless something is done," said Praed. "You're going to see many more losses going forward, which is why it's important for commercial bank customers to talk to their banks about their security procedures." He also said that he'd like to hear from businesses that have been affected by this sort of cybercrime.
Prince said that he hoped the government would step in to insulate banks from liability so that breach information can be shared more easily. "Banks that thwart attacks need to step up and inform other banks," he said. "Security in this space isn't a competitive advantage."
Customers burned by online banking don't switch to the competition, he said. They stop banking online.
According to Prince, the cyber criminals responsible appear to be operating out of Russia and Ukraine and to have ties to the nationalist hackers who recently directed a denial-of-service (DoS) attack at Twitter and other social sites to silence a pro-Georgia blogger.
"The same resources that were used a week and a half ago to initiate the DoS attack on the Georgian blogger are the same resources we were previously seeing purposed for the distribution of this virus," he said.