Should banks and others bother to continue playing catch up with cyber criminals and their constantly evolving techniques? This was the question FBI special agent Timothy O'Brien set out to answer during his session titled Is Online Security a Lost Cause? O'Brien is with the Bureau's computer crimes squad and tracks criminals' activities on the Web.He emphasized that crooks are no longer motivated by the bragging rights traditionally associated with hacking into an important corporate or government network. "Profit motive is powering cyber crime today," O'Brien said. These people are usually a loose affiliation of disconnected, highly specialized individuals looking to make the most money on stolen information in their underground economy.
Of course, not all network break-ins deliberate or from the outside. O'Brien said it's important to remember that it's often a "trusted user" who either becomes disgruntled or is simply ignorant of what he downloads onto a company computer.
I think what was most interesting were the reactions of the bankers in the audience as agent O'Brien's presentation unfolded. The segment with perhaps the greatest impact involved a detailed screenshot of a website used by cyber crooks to buy stolen card information. It was set up like a legitimate business site! There was all the account information available to prospective crooks, including type of credit card, Social Security numbers, account number, mother's maiden name, and more. All this was priced accordingly, depending on the detail of the account data. There were even discounts available to certain "customers"! It was really frightening when presented in such a manner. There were many incredulous laughs from the audience, including yours truly.
One of the bankers commented to me, noting how prominent PayPal's name was on this shady e-commerce site, "PayPay isn't even regulated for Know Your Customer." It only drove home the growing presence of nonbanks in the financial transaction space and perhaps the need for them to play by the same rules as traditional banks.