Wire transfer services are at high risk of cybercrime
Panda Security announced the findings from its multi-year security assessment of business services for U.S. immigrants. These multiservice businesses, primarily used by U.S. immigrants to send money back to their home countries, also known as remittances, were analyzed by Panda Security and were found to be severely lacking in security measures and at extremely high risk for cybercriminal activity such as illegal interception of money wire transfers, as well as credit card and identity fraud.
According to U.S. Immigration Support, it is estimated that worldwide remittances amount to more than $126 billion and have become a considerable force in the economy of many countries. Last year alone, Mexico received more than $17 billion in remittances through U.S. based workers, the highest of all countries. Since these offices cater to the immigrant population, they are primarily located in geographic regions that contain a high concentration of Hispanic workers. Panda Security’s multi-year assessment focused on the greater Los Angeles and Las Vegas regions and encompassed an observation of over 300 locations and approximately 1500 computers, representing an estimated 0.45 percent of all multiservice businesses nationwide. Panda Security was granted access at each site and conducted assessments, interviews with the business owners, and an investigation of the network security measures in place within each operation.
The results are alarming and deduce that these businesses, numbering approximately 66,000 in the U.S. alone, are at very high risk for cybercrime security breaches and theft. Surprisingly, the computers present in these offices are typically consumer grade Dell personal computers with very few enhancements or software additions. In repeated visits over the past two years, Panda Security consistently found that trial antivirus software on these machines had long since expired and any kind of proactive security measure was viewed as an unnecessary business expense. At least 30 percent of the 1500 computers directly observed had outdated antivirus software and an alarming 60 percent were actively infected.
In addition, employees at these businesses are frequently minimum wage young adults who spend time chatting, using peer-to-peer networks and visiting chat sites on the very same computers that store sensitive data such as social security numbers, DMV records, tax records and credit card information. This combination of lack of maintenance, low security consciousness and end user behavior result in highly vulnerable systems that are very easy for cybercriminals to infiltrate.
Since approximately 80 percent of the machines that Panda Security studied are being used for remittances and money transfer to immigrants’ home countries, analysis of the security assessments conducted over a two year period found that each network computer is at extremely high risk for cybercriminal activity. All of these risk exposures significantly increase the probability for criminals to successfully intercept authorized remittances to beneficiaries in Mexico via the following tactics:
- A Trojan / Keylogger can be installed on the target computer (either through a targeted phishing attack or other means of malware infection) capable of capturing screen information and/or taking details directly from the browser session via a sophisticated HTML injection. This would be facilitated by high-risk behavior of the people who operate the terminals and poor security standards, such as trial antivirus software and infrequent system maintenance.
- A terminal operator who authenticates with a Web-based transfer system can then initiate a wire transfer on behalf of the client (who has appeared in person at the location in the USA). The information regarding the transfer is typically visible on their screen as is the PIN number, beneficiary name and bank/branch where the money will be available. The money is available as early as 15 – 45 minutes on the receiving end and service bureaus watch to see if multiple small transactions to the same beneficiary occur. On a compromised machine, all of this required information can be obtained instantaneously and the cybercriminal can determine whether or not to strike, depending on dollar amounts.
- False identification bearing the name of the recipient or beneficiary can be created in a matter of minutes and a mule with false identification can be sent to pick up the funds. Due to advanced dye sublimation card printing technologies and corrupt government employees, high quality false documents made with real substrate can be available in mere minutes. In one popular wire transfer service that makes wire pickup available in a large Mexican national bank the beneficiary does not even need to pick up at the designated branch.
For all businesses geared towards U.S. immigrants whose systems are vulnerable to attack, Panda Security recommends the following protocol:
1. Make sure you have an up-to-date anti-malware suite and set it to scan regularly.
2. Make yourself aware of the security practices put into place before conducting your business. Panda Security suggests using FDIC accredited banks or Western Union because they have higher security standards than most multiservice businesses.