Panda Security reveals major security flaws in money transfer businesses
January 2009 by Panda Security
Panda Security has conducted an assessment of over 300 businesses for sending money abroad. Over 1,500 computers were scrutinized with alarming results: 30% of them had an outdated antivirus and 60% were infected.
According to the United States Inmigration Support, money sent by immigrants to their home countries amounted to over US$ 126,000 millions in 2007 worldwide1.
Inadequately protected and often used for other purposes, (chats, downloads, etc.), these computers are not secure for online transactions. This lack of security could allow criminals to intercept authorized remittances using the following tactics: .
A Trojan / Keylogger can be installed on the target computer capable of capturing screen information such as account numbers, banking credentials, PIN codes, etc. This would be facilitated by high-risk behavior of the people who operate the terminals and poor security standards, such as trial antivirus software and infrequent system maintenance.
A targeted phishing attack (pretending to come from one of the most popular money transfer entities) or infections with malicious codes that lead users to fraudulent Web pages. Any banking data entered on these pages would end up in the criminals’ hands.
As a result of these attacks, banking details of money senders could be intercepted by cyber-crooks who would then have open access to the victims’ accounts.
“The danger with these computers is that, unsafe as they are, they are very frequently used to conduct bank transactions. The risk is enormous as we are talking about very sensitive information being stored on infected, vulnerable computers”, says Luis Corrons, technical director of PandaLabs. “This combination of lack of maintenance, low security consciousness and inappropriate end user behavior results in highly vulnerable systems that are very easy for cyber-criminals to infiltrate.”
For all businesses geared towards money transfer services, Panda Security recommends the following protocol:
1. Make sure you have an up-to-date anti-malware suite and set it to update regularly.
2. Make yourself aware of the security practices put into place before conducting your business. We suggest using banks accredited by the relevant authorities because they have higher security standards than most multi-service businesses.