Your money dot con

[Michaelangelica]

Your money dot con

Listen Now - 20012008 |Download Audio - 20012008

 

No one's telling how much of our money is being stolen through the Internet because no one wants us to lose confidence in the system.

The banks are making so much money out of it, they prefer to wear the costs or push them down to the customer. In the meantime, everyone has a story and global criminals are stalking our accounts, our phones and our PCs. Reporter: Ian Townsend. (Originally broadcast on 24th June 2007)

Ian Townsend: Ask around the office, and among your friends, and you might be surprised how many of them have had money disappear from their credit card or bank accounts lately.

 

Maybe it's happened to you. Someone's racked up a few thousand dollars buying airline tickets in Ethiopia. It must be a mistake, surely. You call the bank, fill in a form, and the money's back in your account.

 

The bank doesn't want to talk about it, but how on earth did it happen?

 

I'm Ian Townsend and welcome to Background Briefing on ABC Radio National.

 

Computer security experts from around the globe gathered on the Gold Coast a few weeks ago to talk about all the ways we can be ripped off online.

Jason Edelstein: Enter the evil attacker. At this point ...

 

Ian Townsend: Here's one specialist demonstrating how easy it is for a hacker to attack a company telephone system.

Jason Edelstein: I'll now demonstrate one of the attacks: compromising a PIN. Now telephone banking requires a user to enter a customer number and PIN, using a touch pad.

Each number pressed sends a unique sound which is interpreted by the end system. Now I've got a little recording here that was captured off the wire of a telephone banking transaction.

 

PHONE RINGS. . .

. . .

 

Taking Nigeria as an example, the police estimate $2-1/2-million leaves Australia each month. That's $30-million a year. Over the past 14 months in Queensland, the Police Fraud Squad has spoken to 139 people who've been sending half a million dollars a month.

. . .

But the Australian banks stand to make a lot of money from the Internet anyway. They've invested heavily in online banking, but it's saving them a fortune in staff and branches. So they're prepared to wear the online fraud even if it costs them more than $100-million a year.

. . .

And here's an interesting statistic. The Australian Payment Clearing Association, which relies on the banks to report credit card fraud to them, says the value of credit card fraud actually dropped last year, to about $87-million

.

Multiply that by 10 for USA?

 

Background Briefing - 20 January 2008 - Your money dot con

[Csejthe]

Wow! That is pretty scary. However, I was under the impression that "they" ( I use this as a loose term for companies who use telephone keying systems ) were going to drop the use of tonal-based systems for EXACTLY the reasons described in this article. Secondly,

it's very amusing how far one can still get with a a little social engineering on a telephone line.

 

I am not sure how bad callcentre services are internationally, but as an example one normally gets asked to give your ID number as well as your contact number when a callcentre agents phones YOU in South Africa. However, when asking the callcentre agent these same questions in response, you will generally be able to get all of the agents information from him as well. This is a theoretical doorway opening back up into the callcentre when you call back and "impersonate" the agent who phoned you.

 

I think you can see where this is heading.

 

As for digital security it will always remain a problem. Nevermind, how your protect your data, a centralized data storage system will always be prone to more problems than non-centralized systems. But the list goes on and on.

 

I think we should start smaller concerning electronic banking systems. Firstly we should decide how much control banks and/or governments should have over them and then what the legal implications for crime relating to the control or abuse of said privileges must be.