Just an idea, but maybe banks could implement a system that allowed users to set their own limit as to how much can be transferred out (something that isn’t visible or accessible from their online account). Currently we see many banks have something like a $10,000 limit before a flag is raised. So the miscreants take out numerous $9,975 transactions as to not trip a wire and the transfers would go through without a hitch. There was one article I read where a company discovered what was happening and told the bank to disallow the transactions till they figured out what was going on… and several hours later the miscreants successfully took out more money!

So let’s say a business says they wanna set a limit/flag of $2,000. Any transaction beyond that $ ammount would require the bank to send a notice requiring confirmation that the transaction is in fact legitimate. The confirmation could be as automated as email. They could call by phone or send use SMS messages. Miscreants wouldn’t know the $2,000 flag and hopefully they haven’t also comprised the users phone or email (phone far less likely than email). Further, if a number of transactions are attempted in a certain time period, the bank could make a personal call to the account holder to further ensure an attacker isn’t attempting something fishy.

Botnets are also tend to be coded with large scope in mind so catering to individual comprised accounts would take a lot more work. And if there is one thing we know, these guys go for low hanging fruit.

Problems with this? Larger accounts may make a lot more transactions. But honestly, those aren’t the targets. Small to midsize businesses are. And they should have an idea of the kinds of flags that need to be set to offer a good balance of convenience and security.

Banks also won’t want to implement this system as it would take time and money. But that’s because they try to (and in most cases do) stick the business with loss. Maybe some are working on a system like this? I wouldn’t bet money on it personally. It will affect them in the long run though, if banks customers are losing all their money, then the bank is technically losing money too. They gotta invest with something after all.

So that was really long comment there. I’m gonna get back to work now Great post by TrustDefender as always!