How safe is Internet banking? Or: How safe are banks?
Answer: just safe enough so that people will not stop using them.
The safety of Internet banking, or the safety of banks in general are a beautiful proof for Hegel's dialectical principle.
A bank features what it believes is a safe environment (Hegel's thesis). Then a bunch of robbers cracks bank security and gets away with a heist (the antithesis). And only then, the bank installs new security features that obstruct the next bunch of robbers (kind of a synthesis).
Banks learn from experience. They don't learn from logical contemplation.
This also applies to me. I got into hacking only after my own e-gold.com account had been hacked "beautifully", and of course pilfered. And this happened precisely just after for the first time the account held some 800 US dollars.
I investigated the matter, and I could now easily hack other people's bank accounts by exactly the same method, but I don't, not because I would be an honest person out of principle, but because I don't need the money. I have found honest ways to earn what I need for a living, and I can't be bothered making enemies solely for some funds.
So, mankind is safe from my hacking knowledge (it's not perfect, anyway).
I remember in Germany, in the 1960's no bank had video observation. Now, not only is there a hidden camera above every cashier, but video cameras are also standard features on ATM machines.
Why? In Germany, because in the early 70's, there all of a sudden was an epidemic of bank robberies. And only the installation of video observation systems dampened the enthusiasm of the robbers.
Plain dialectical common sense suggests that banks are always just one step behind the robbers. And while robbers by and large have realized that marching into a bank and poking a cashier's chest with the barrel of a gun is not the way to go in today's world, the idea of pilfering accounts via the Internet is tempting indeed.
And yes, your chances of getting away with it are really quite good. Those who pilfered my e-gold.com account got away with it, last not least because e-gold.com pretty well protects the identity of robbers.
The great advantage of using the Internet for bank robberies is that it works beyond borders. I can sit in Nigeria, or the Philippines, and pilfer a bank account in the Netherlands, or the Scottish highlands. The Dutch victim will contact whom? First his bank. They can't trace the money, or they only can to a certain point. They can't trace it if it has been channeled into the e-gold.com system.
And then, banks are bound to protect the privacy of their account holders. They will only reveal details of an account holder when this has been requested by a court.
Pilfering Internet-enabled bank accounts is always done across borders. So, where do you go after your money has been channeled from your Amsterdam account to Bangalore. The bank in Bangalore will want a order from an Indian court… so you will have to report to the Indian police. If your account has been pilfered by just 5000 dollars, it won't be worth the travel to Bangalore.
And how do banks react?
I live in Asia. But I used to have Internet access to a bank account a friend had set up for me in the UK, so that I could accept subscription remittances from readers in the UK who do not use credit cards.
After a while, the password for access to that account no longer worked from Asia. It still worked within Europe, though.
What happened? Obviously, the accounts of some bank customers had been hacked. That was easy to do through a keylogger program. And obviously, it was done from Asia. So, the bank simply prohibited login access from Asian IP addresses.
Smart? Not quite.
The measure will only work until the hackers will have worked out how they can hijack a European IP address to access the online bank account.
Of course, if you are a computer kid in India or the Philippines, and could earn 1 dollar a day with honest work, the idea of just pilfering English or Dutch bank accounts, and to potentially make thousands of dollars, is tempting indeed. You won't have to fear much from the Indian or Philippine police.
The formula for hackers in Third World countries is: little risk, high potential awards.
I could hack bank account, but I don't. I am not under pressure to earn more money.
Many young men in Europe or the US could learn how to hack bank accounts but they don't because they would have to deal with the police in Europe and the US, and especially the US police does have officers who primarily deal with hackers.
If I were a talented but poor young man in a Third World country, I would select the banks I were to hack by country. If I were to hack US bank accounts, a special investigative unit would have the resources to send an officer to Bangalore, and with some consular backing, he would have the cloud to demand cooperation from the local police.
So, why not hack bank accounts in Slovakia, or the Ukraine, or Mexico, or Hongkong. The local police of these countries won't have the resources to send an officer to Bangalore.
I don't think that banks reveal how many of their customers' accounts have been hacked, but my guess is that its far more than a few. It will take a pattern of fraud for banks to block access by Asian IP numbers.
And I don't believe that banks will pay refunds to clients who have lost money to hackers. The banks typically state that protecting the secrecy of one's login combination is the responsibility of the customer.
What the customer doesn't know is that the first time he types his user name and password into the keyboard of his own Internet-connected computer, the combination may already be sent to a hacker.
