|
For anyone who is nervous of computers it is the perennial nightmare: you log in to your internet banking facility one day happy in the knowledge that your finances are safe in the bosom of modern technology, only to find that your current-account balance has been unexpectedly and painfully diminished, apparently by a transfer to a credit card issued by a bank in Bermuda. It subsequently transpires that someone has obtained the username and password for you internet banking service, and by passing himself off as you online, has siphoned off funds from your account.
Identity Theft
This scenario is just one example of a disturbing and ever more common practice known as "identity theft". While its scope is considerable, and includes using someone else's identity to obtain a passport or a driver's licence, or to draw someone else's pension, we will be dealing with identity theft only as it relates to internet banking.
Broadly there are three ways in which someone can obtain the personal details which will allow him access to your bank account. Firstly, he can access the bank's databases and obtain the details directly from that source. Given that these databases are protected by very robust security features, it is unlikely that such information will be accessible by this route, unless it is accessed by someone with inside knowledge of the bank's system.
The second way of obtaining this sensitive information is by intercepting electronic communications between the bank and its customer. Fortunately, communications between the bank's web-servers (the computers that provide internet banking services) and the client's web-browser (for example Internet Explorer or Netscape Navigator) are encrypted, making it virtually impossible to "tap into" these communications.
"Hacking"
This brings us to the "weak link" in the system - the client's computer itself. This often has little or nothing in the way of security measures in place, so this is where identity thieves concentrate.
A recent incident that caught the country's attention involved a "hacker" obtaining log-in information from several customers of ABSA Bank, and then using this information to transfer money from their accounts. What appears to have happened is that the hacker bought a computer program called eBlaster. This is "spyware" software, used to keep track of others' use of personal computers. Such software is normally used by employers to keep track of their employees' computer use, or by parents to keep tabs on their children. The hacker used this software to email a computer program to his victims. When the victims opened these emails, the computer programs installed themselves in the victims' computers. These programs then monitored the victims' computer use, recording all their keystrokes and sending them back to the hacker's computer. This allowed the hacker to obtain the information that gave him access to his victims' bank accounts.
This method is just one of several possibilities. One of the dangers of computer viruses is that they often implant what is called a "Trojan Horse" in the client's computer system. Rather than release Greeks to open the city gates however, this Trojan Horse is a computer program that may send personal information back to the virus' creator, or even be used to take control of your computer.
Other, more traditional methods include sitting down behind an unattended computer and obtaining confidential information that way, or by simply reading notes left in unattended wallets and handbags.
How Do I Protect Myself?
We recommend that you do the following:
- Do not allow unauthorised persons access to your PC. If necessary, set a password so that if the computer is left unattended, it cannot be accessed. If you make a paper note of your username and password, write it down in a safe place.
- When you dispose of old computers, make sure that the information on your hard drive is made completely inaccessible, either by means of a low-level format (ask your computer maintenance company about this), or by physically destroying the hard drive.
- Only open emails that do not look in the least suspicious. This means that you should know the person who has sent you the email, and / or see from the subject that the email is relevant. Be particularly wary of subjects that seem to be designed to grab your attention, like "returning your call", "I was just thinking" etc.
- Install anti-virus software and ensure that its virus definitions (what the software uses to recognise the latest viruses) are kept up to date. The well-regarded antivirus packages continually check for updates.
- You MUST have a firewall between your computer and the internet. A firewall is special software that only allows computer programs that you approve of to access the internet. This will stop spyware and viruses from communicating with their distributors. You can download free firewall programs off the internet, or buy them from most software vendors.
Who is Liable?
What concerns most people when faced with this scenario is the question of who bears the loss should funds be transferred out of their bank account - their bank or themselves? In the very unlikely event that a security breach occurs at the bank or in secure communications between the bank and the client, the bank would be obliged to reimburse its client for any such loss, as the fault would clearly be that of the bank. Where the breach has occurred on the client's computer however, the position is less certain, and would depend on the facts. Certainly where the client has not made any effort to safeguard login data and suffers a loss as a result of this negligence, the bank cannot be held liable. Where the client has secured his computer, he will still have to show that the bank was negligent in some way for the bank to be held liable. The legal position aside, the bank may opt to compensate the client for the loss in any event so as to maintain public confidence in its system - but do not count on this!
Conclusion
All transactions carry risk, and internet banking is no exception. If you take care to maintain your security by following the steps outlined in this article, the risk of suffering loss is very small indeed.
If you have any queries in this regard contact John O'Leary
|
