Online banking is a convenient and cost effective method of paying creditors and employees. However, online banking fraud is on the increase. The BDO Not-for-Profit Fraud Survey 2008 found that online banking fraud had increased to 8% of all fraud reported from 3% in 2006. This is in contrast to the decrease in cheque fraud from 10% of all fraud reported in 2006 to 5% in 2008.
Risk
Organisations do not take appropriate controls over their online banking facilities and leave themselves open to not only internal fraud but also external risks such as having the facility hacked.
Methods to Mitigate the Risk
As more and more organisations embrace the use of online banking rather than using cheques, it is understandable that online banking fraud will also be on the rise. Some of the issues to be considered in relation to online banking fraud are as follows:
Risk
Organisations do not take appropriate controls over their online banking facilities and leave themselves open to not only internal fraud but also external risks such as having the facility hacked.
Methods to Mitigate the Risk
As more and more organisations embrace the use of online banking rather than using cheques, it is understandable that online banking fraud will also be on the rise. Some of the issues to be considered in relation to online banking fraud are as follows:
- Many organisations have long had a requirement that two signatures were required on cheques. However, when transferring to online banking they only set up one password or if there are two passwords, both password holders know both passwords. An organisation should consider the use of a password for online banking in the same light as they do a signature on a cheque. A cheque signatory would not allow another person to sign a cheque using their signature (this is forgery), so why would they give their password to another person? Unfortunately it happens. At all times, a person having a password to online banking should never give that password to anyone else. An Online Banking Policy should clearly set out that the holder of a password will not provide that password to another person.
- The use of security tokens should be introduced. Security tokens are provided by financial institutions as a second security step or second level of authorisation. When a person logs onto online banking they will enter their user name and password. The number that is showing on the security token is then required. Even if someone discovered the password to the account, the security token number is constantly changing.
- Only ever log onto internet banking on a familiar computer (ie. One that you know is appropriately protected with firewalls and anti-virus software). Online banking has made it easier for organisations, as a person authorising the online banking payments can log in from any location to do so. However, the password holder needs to be confident that the computer he or she is using does not have a virus that could jeopardisea the security of their internet banking.
No comments:
Post a Comment