Last week’s arrests and indictments of two gangs (one based in the U.K. and one in the U.S.) that used the ZeuS Trojan to syphon huge amounts of money from private and business banking accounts all over the two countries, has put a spotlight on the methods banks use to secure online transactions.
So far, the investigations showed that the great majority of these illegal transfers were Automated Clearing House (ACH) transactions, and that they were unauthorized. In both cases, the members of the gangs were prevalently Eastern Europeans and Russian.
Some of them were stationed in the countries in question, but usually they are living in their home countries, and a problem that often arises when it comes to arrests and indictments of these individuals is the problem of lack of jurisdiction.
In cases such as these, those who are likely to get arrested are the money mules responsible for collecting the stolen money and wiring it abroad. U.S. authorities hope that an aggressive stance towards those individuals will deter future potential money mules from executing this illegal activity.
In the meantime, banks are upping their security measures. Some are beginning to implement two-factor authentication (although ZeuS developers have begun their efforts to bypass it), some have implemented tools that detect and block suspicious and/or out-of-character transfers. ComputerWorld reports that protecting the computer from which the client authorizes the transfers is also a priority, so banks are considering offering more effective anti-virus solutions to their clients.