Cybercrime Targets Money Transfers
The money transfer industry, particularly as it pertains to immigrants living in the United States, has become an easy target for cybercriminals.
According to the U.S. Immigration Service, immigrants living in the U.S. send more than $126 billion annually in the form of remittances to family and friends in their native lands. These remittances have become a considerable force in the economies of many countries. In 2008, for instance, Mexican citizens received more than $17 billion in remittances from U.S.-based workers.
The vast majority of the remittances are sent via money transfer services in the U.S. -- from businesses in which a majority of computers are infected with badware.
In a two-year study, Panda Security, a value-added reseller of security products and services, assessed the security of money transfer services in the U.S. What they found -- backed up by observations from other sources -- is that 66,000 American businesses are highly susceptible to cybercrime attacks in the form of wire transfer interception, identity theft, and credit card fraud.
Panda’s research found the majority of office computers used in wire transfer businesses were low-cost, consumer-type PCs with very few enhancements, simple modem connectivity, and few security upgrades. At least 30 percent of the 1,500 computers directly observed had outdated antivirus software, and an alarming 60 percent were actively infected. Further, many of the money transfer operators saw network security as an unnecessary business expense, increasing the potential for cybercrime.
A further risk is that the majority of employees operating the systems surveyed were minimum-wage young adults who were inclined to use social networks and sites like Facebook on the same computers that hold sensitive data, such as social security numbers, names and addresses, and credit card details.
Due to the the lack of security policies, software, and knowledge throughout this industry, cyber criminals have many ways of accessing and exploiting these businesses and their customers for profit.
The usual route of attack is as follows:
- Hackers infect business computers. The first step is to install a Trojan keylogger to feed sensitive information on clients, track transactions, and enable remote access. This attack is facilitated by high-risk behavior and poor security standards on the part of money-transfer businesses, such as the use of trial antivirus software and infrequent system maintenance.
- Hackers analyze transactions. Using monitoring software, hackers view transactions to decide whether or not to act on accounts depending on dollar amounts. Hackers also check whether multiple small-dollar transactions are made to the same benefi`heft of personal data, hackers get false papers and identification for a “mule,” who picks up payments at a designated location.
- Hackers branch out. Hackers can add credit card fraud and identity theft to money-transfer crimes. The potential for repeat hijacking and fraud is highly increased once sensitive data is seized.
Clearly, awareness of what could happen if you use money transfer services is paramount to your own safety and that of your beneficiaries. Here are steps you can take to better prepare and protect yourself:
- Ask the business what security measures they have in place.
- Make sure you understand their anti-fraud measures before you use them.
- Personally contact the recipient of your wire transfer so it can be redeemed before there is any opportunity for interception.
- Try and make transfers before common dates, such as Christmas, Mother’s Day, etc., as these busy times are now targeted by cyber criminals.
- Ask whether the transfer company offers any insurance or guarantees.
- Look into the transfer business you're considering, and see what its track record is before using their services.
The money transfer industry needs to bite the bullet and see that security is paramount, not only to their customers, but to the survival of their own businesses.
Meanwhile, alternatives like PayPal could be a safer and cheaper option, provided both sender and recipient have accounts.