It was reported in the FT today that hackers have stolen more than €36m from 30 banks across Europe using a new two-stage Trojan virus that spreads from a victim’s PC to their mobile phone. More than 30,000 online banking customers in Germany, Italy, Spain and the Netherlands were affected by the attack, which security companies have called Eurograbber.
It is the second significant online banking breach this year. The first, Operation High Roller, involved an estimated $60m in fraudulent money transfers at 60 financial institutions, according to Guardian Analytics, an online banking security company.
What has happened to all the talk of IT governance and controls that are supposed to prevent such occurrences? Don’t they test their firewalls and penetration-test their processes? Banks moving into mobile banking and mobile payment systems will have to be aware of the risks from such events and build controls that can both prevent and detect unusual patterns. Internal audit will play a big part in the defense that a bank should build.