Sep 13 2010
Organized Crime Steals $600K in ACH Fraud
Posted by chris.mark
Data Breaches, Data Security, Industry News, ProPay News
No Comments
In an rticle on Krebs on Security organized cybertheive stole over $600,o00 from teh Catholic Diocese of Des Moines, Iowa. According to the archdiocese, cyberthieves obtained the bank login credentials of the Diocese and used dozens of ususpecting ‘mules’ hired through work at home scams to move the money.
ACH fraud has been increasing significantly in the last 12 months. You can see Dan kaplan of SC Magazine interview me on this subject at this link.
The scam works like this. First, the theives steal bank login data that will allow them to initiate ACH transactions. Often these credentials are stolen through malicious software inadvertently downloaded from an infected website or attached to an email. The criminals recruit well-intentioned people from job boards to “work” for a fabricated company. The criminals then ACH the money to these newly recruited “mules” who, in turn, transfer the money to another account. The mules are allowed to keep a percentage of the money as a fee for their efforts.
How can this have been prevented? First, banks should ensure they comply with the FFIEC guidelines requiring multi-factor authentication for account logins. Even if a bank is using multi-factor athentication it is adviseable that people or companies look for banking institutions that use more robust forms of authentication such as token-based, two-factor authentication. This would require that both a password and a code from a physical token be entered to access the bank account. Second, companies and individuals should keep a close eye on their accounts to look for any suspicious activity that may indicate someone has accessed the account.
WARNING! sales pitch- ProPay announced the released of our ACH tokenization service to help protect companies against the theft of ACH data and resulting fraud like that detailed in this blog post. ProPay’s ACH tokenization solution replaces ACH account data with a useless token to prevent the theft and subsequent use of actual account data. Additionally, ProPay employs robust multi-factor authentication, including X509 certificate-based, two-factor authentication to protect merchants’ login credentials from being stolen and used maliciously. Contact us today for more information.
Chris Mark; EVP, Data Security & Compliance
No Responses to “ Organized Crime Steals $600K in ACH Fraud ”