Computerworld reported today that Lubbock, Texas based PlainsCapital Bank settled a dispute with Plano, Texas based Hillary Machinery Inc. over a series of fraudulent wire transfers initiated using Hillary’s online banking credentials. Over $800,000 was sent to various banks based in Europe (who could probably use the cash these days). The full details are here.
This incident underscores just how important it is for businesses and individuals to establish and implement sound security protocols to protect access credentials to third party sites, such as online banking sites. Banks and other larger institutions do, in most cases, implement a number of measures to protect their systems and their customers. This is a good thing because online banking tools can save businesses and ordinary citizens a lot of time in managing their funds. But instead of just relying on a bank’s security measures alone, businesses and individuals should keep tighter control over their access credentials. Certain basic, but effective, measures include:
- Distributing access credentials only to those personnel who truly need them to perform their jobs;
- Routinely changing passwords; and
- Ensuring that the systems on which these credentials are used have up-to-date virus and intrusion protection software.
As the case between PlainsCapital and Hillary has settled, it is impossible for us to determine whether the fraudulent transfers occurred due to a lack of reasonable security measures on the part of PlainsCapital, a lack of controls on the part of Hillary, or both. It could also have been due to an especially enterprising hacker with the skill, desire, and determination to bypass even the most stringent security. And there may not be such a thing as a fullproof security system or process. The least we can do is make it as difficult as possible for a hacker to meddle with our accounts.