Historically, IT security has been attached with great importance in the banking sector. Already in 1996, the Danish Bankers Association adopted a codex for IT security in online banks for private clients. The aim was, and still is, to establish common minimum requirements for IT security in banks' electronic self-service systems for private customers.
Increased security with NemID
NemID is a Danish security solution which from now on is to be used by all Danish private online banking customers. NemID consists of two elements that combined increase the security: a password and a code card. At the same time, security codes that were previously located on the individual customer’s hard drive are moved to central servers. With NemID, security has thus been lifted and made it safer to go online from other computers than your own.
How does an online banking break-in happen?
All online banking break-ins have occurred as a result of insufficient IT security on the user's computer.
The break-ins have so far been carried out by cybercriminals putting "spy programs" on customers’ computers. The spy program gives the cybercriminals access to everything on the client’s personal computer such as documents, photos, mailbox, passwords and security codes, and thus access to the client's bank account.
There are no 100 percent secure online banking solutions. Therefore, it is important that you, as an online banking client, use your common sense and stay critical when you are on the internet.
The bank covers the loss
The bank covers any losses from online banking break-ins for private customers.
The cybercriminals obscure their trails
Any online bank transfer leaves electronic trails that show to which account the money was sent.
The cybercriminals need to conceal these trails, and therefore they entice ordinary people to act as so-called mules. In practice, cybercriminals transfer money from online bank break-ins to the mule’s account, and the mule then withdraws the amount in cash and transfers it to the perpetrators, for example through Western Union or MoneyGram.
This allows the cybercriminals to collect the money while the mule is left with some serious explaining to do, because the money can always be traced to the mule account.
How to avoid becoming a mule
Always be wary if someone you do not know needs help to transfer money and offers you money for the inconvenience.
Mules are typically recruited through a spam mail campaign with a "job advert". Recruitment attempt may be in Danish or English. Some are very professionally done, others quite clumsy.
The advertisement can be camouflaged by headlines such as "seeking financial assistants", "telework", "part-time job" and "local representation needed for an International Company".
If one responds to the recruitment ad, it turns out that the main content of the job is that you have to help with receiving and passing on money. In return, you often get a share of 5-15 percent.
Contribution to online banking theft and break-ins as a mule is a criminal offense which is punishable by the receiving stolen goods provision. The electronic trails of an online bank transfer means that a mule can always be detected.