December 11, 2008
Wire-Transfer Shops May Provide Hackers An Easy Target
According to a study to be released on Thursday, nearly 60 percent of PCs examined in 300 wire-transfer businesses in Los Angeles and Las Vegas were infected with viruses capable of stealing financial information.
Panda Security, a Spanish software vendor, conducted the study and found various malicious viruses on the computers including keyloggers that record keystrokes, allowing hackers backdoor access to compromised machines.Some of the examined machines held private data including Social Security numbers, and credit card numbers.
The study was unable to determine if any of the information had been successfully stolen. According to researchers, the study served to show that there are still significant weaknesses in the wire-transfer shops.
"It's a disaster waiting to happen," said Carlos Zevallos, who led the study.
Many of the PCs held troves of information due to the fact that many wire-transfer shops often sell other goods and services.
Stores that use the same internet connection for wire-transfers and business give hackers an open door. Panda's researchers believe the poor security controls could allow hackers to intercept money transfers very easily.
"It's pretty chilling," Zevallos said. "It's the equivalent of having a store with a broken window in a bad neighborhood with a bunch of stuff in there - sooner or later someone's going to come by and pick it up."
According to Zevallos, the infections reflect what can happen when businesses don't protect themselves with proper Internet security software and hardware. Wire-transfer companies make themselves vulnerable targets due to their type of business.
According to the Inter-American Development Bank, nearly $67 billion will be transferred from the U.S. and Spain, to Latin America and the Caribbean this year.
According to David Landsman, executive director of the National Money Transmitters Association, wire-transfer theft isn't worth the effort for a criminal. Landsman pointed out that most transactions are for less than $300.
"If an identity thief is looking for waters to troll in, these would not be very rich waters," Landsman said. "It's not that we're not concerned about our customers' data being secured. We just don't think this is a likely target. It wouldn't make sense."
Landsman believes the industry's security policies are adequate. He also pointed out that large money transfers are heavily regulated by state auditors, and that big money transfer companies specialize in protecting their transfers.
Panda's study was unable to find weaknesses in the way money transfers were encrypted, and protected.
On the Net: