Deep background: Latest threat to your bank account - hackers using digital copies of canceled checks for real-world fraud
Byron Acohido speaking at Visa's security conference (Bob Sullivan)
Are those digital checks you can download from your online bank putting your money at risk? Perhaps. Old-fashioned check fraud, supercharged by online account hijacking, is the latest fraud headache, I learned at the Visa Security Summit in D.C. on Wednesday. Some are calling it check fraud with "digital fine tuning."
Criminals are having a hard time turning hijacked online bank accounts into cash because banks are doing a good job with back-end fraud controls. Banks notice money being moved to unusual places, and block the transactions. So criminals are combining online and offline methods in a creative, and bold, way.
According to a fraud investigator at a major bank who spoke to me on background because his firm won't let him speak publicly, criminals hack into a consumers' bank account, but don't attempt to steal in the expected way -- by initiating an online transaction. Instead, they download high-resolution copies of canceled bank checks which they use as a base to creative fraudulent checks for deposit. Because the criminals have already impersonated the victim, and know a lot about him or her, it's easier to walk into a branch and turn that fake check into cash. I'll stop with the details right there.
It's a bold crime. Bad guys have to walk into branches -- or use drive-throughs-- to pull it off, meaning their image is probably on camera. It's also decidedly low-tech, a bit like the old Frank Abignale Catch Me If You Can days. But as any fraud analyst will tell you, stopping financial theft is like squeezing a water balloon -- squeeze one form of theft, and criminals just slide to another. As banks focus on online fraud controls, criminals go looking for other points of weakness, and they've found a new one.
Red Tape Wrestling Tips What does this mean for you? It's all the more reason to carefully guard your online bank account user name and password. Also, if you get a warning that someone has mysteriously logged onto your account from an unexpected location, don't blow it off just because no money is missing.