Welcome to Toronto. Yes this was my first time traveling to Toronto. It was a nice 13 degrees, while in my hometown, Winnipeg it was -13. I traveled there to take part in a conference between Canadian ISP’s and banks. What I can say about it is that everyone is pretty up at arms about how bad all the banking scams are getting.
Let me explain how these work, for those of you who are not in the know.
So you are surfing around the net, perhaps you’re downloading ‘free’ software, or pornography. Whatever it is, you’re probably on a ‘less-than-reputable’ site. But it’s ok because you have a virus scanner, right? No, not always. You’re better off with one, but no protection is 100%.
However it gets on your computer, let’s just assume it got on. Now this dropper, as they call them, can go out to the internet and download an updated version of itself. Something that perhaps starts up a keylogger or some such thing. The next time you browse to your bank it will be logging everything you type (because the encryption only works between the browser and the bank, not your keyboard and the bank) and will send it off to the hacker.
Once received, he will sell this information to someone who is in the business of removing funds from accounts. Often they will log into your account, and take a screenshot of the balance, uploading it to imgshack or something like that. They usually auction them off, or are already working for an organization of some sort. The guy who buys this account will commission someone who is good at removing funds from accounts. They will take a pre-paid stolen credit card (probably cloned from someone else) and add it as a new bill on your account. Once that is complete, they can ‘pay’ out as much as your bank will let them. Often this is at least $1500. Following that, they hire kids, or mules of some sort to take the pre-paid card to an ABM (usually in a European country) and remove the cash.
Now there are ways for banks to combat this. They have anti-fraud systems that looks for patterns like “I just added a new biller and am paying > $x”. Similar pattern recognition to what anti-spam systems use I would imagine. The problem is, that none of these systems are perfect. I mean, well the days are gone where you get over 100 spam messages in your mailbox every day, now it’s more like 1 a week. Which is tolerable, but you have to wonder if this will every stop. My guess is no.
Think about this for 1 second. Say you have a bank that has 100 Million customers world wide. If they need to spend $2 per customer to implement some new anti-fraud system, like say VASCO tokens with one time passwords, it would cost them well over $200 Million dollars. Now if they have to pay insurance premiums of only $20 Million dollars to cover all the fraudulent Internet scams, there’s no WAY they will upgrade the system. And this is the general sentiment here and in the US. Insurance pays out, so why bother with crazy secure systems, when we can make do just getting rid of most of the scams.
Business is Business.
This is, however leading into another thing that I’ve been thinking about. Businesses that get so large, so big, and are driven entirely by increasing Shareholder value, that increasing the value for their customers is an afterthought. We are seeing this in the press, and all over the place right now. CEO’s with golden parachutes whose contracts require them to drive up the stock price. They come in for 4 or 10 years and gut a company, artificially inflating the stock before the company goes bankrupt because customers realize that it’s not really that great after all.
Another bad thing about businesses getting too large, is that they actually become a threat to our economy and national security. For example, look at all these bailouts that are happening. If AIG was made up of, say, 10 smaller companies (of which I’m sure it was at some point), then perhaps competition would have kept a lot of the economic problems from arising. Perhaps only 3/10 would be going bankrupt because they all had different management tactics. Perhaps we wouldn’t be paying out billions of dollars to people who built something so big that it really could not be effectively managed anymore. When companies become so large that they actually out weigh any government in the world, I think we have lots to be worried about.
Yeah I know strength in numbers, but that was said long before we have a global economy.
