First Online Banking…then what?

If the wife of FBI boss Robert Mueller has allegedly warned him not to use online banking because his incompetence on the computer could leave them open to online fraud, then is there any hope for protection for the rest of us. This is especially true given the recent news that usernames and passwords for tens of thousands of people who use web-based email services, such as Hotmail, Google Mail, and Yahoo were compromised.

Such happenings have done nothing to quash concerns about so-called phishing scams that trick users into giving away their login details via malicious websites, fear of zombie botnets, and general worries about identity theft and fraud.

Now, a research study by Susan Sproule and Norm Archer of McMaster University, in Ontario, Canada, suggests that more and more of us are abandoning online bank accounts in favor of more traditional financing.

According to their research, one in five Canadians have stopped or reduced the amount of shopping that they do online while almost one in ten are no longer carrying out banking online, or have reduced the amount of online banking that they do because of fraud worries.

That said, in the UK at least, postal strikes mean postal banking could become hideously slow, while the closure of high street banks means online is the only viable way to handle your money these days for many people fraud fear or not.

Phishing for logins is not the only problem. Credit card skimming, insider theft, and counterfeiting of digital information, and ID “trafficking” are on the increase. I suspect that most customers never hear about the banking frauds against them, as the banks don’t want the bad publicity and so simply absorb the losses and gloss over the problem.

“These findings are of concern to business and government,” Sproule says, “since, if consumers stop doing business online, the productivity benefits of e-business will not be realized.”

The researchers have modeled such crime and defined ID theft and fraud as two distinct but related problems, which could help legislators to do their job better and arm law enforcers with appropriate tools to pursue and convict of cyber criminals.

Incidentally, other researchers are refuting the accounts of Google and Microsoft as to how all those tens of thousands of login details got hijacked. They’re suggesting that something more insidious than phishing occurred and that a botnet keylogger may actually be to blame. Moreover, with Microsoft/Sidekick losing data and backups for thousands of users of that mobile device and releasing its security essentials program just recently, perhaps there really is something else sinister going down…

Research Blogging IconSusan Sproule, & Norm Archer (2010). Measuring identity theft and identity fraud Int. J. Business Governance and Ethics, 5 (1/2), 51-63