Citibank's big hack attack.

The curious case of the Russian graduate student and computer hacker Vladimir Levin and his small band of accomplices, who were arrested some months ago after allegedly trying to steal $11 million from Citibank in New York, shows that electronic theft is getting serious.

Citi has little to say about the incident, although it maintains that things are not as bad as they look. The bank says that after it discovered the initial thefts, it cooperated with the police in this country and allowed other attempts to go on. In all, the hackers made 40 attempted thefts between June and October of 1994. The bank's actual losses were limited to $400,000.

One of the most worrisome aspects of the case is that it involved Citibank's cash management systems. For competitive reasons, Citi and many other banks have distributed software to corporate clients in recent years that reveals a great deal of information about these banks' computer systems. This makes it easier for corporate clients to manage their payable and receivable accounts directly, and it also reduces the workload on a bank's staff and thus improves customer service.

But it also means that tens of thousands of people around the world now have detailed information about banks' computer systems. Banks do employ security measures to stop hackers cold, but with literally trillions of dollars each day coursing through the electronic networks that are now the lifeblood of banking around the world, it may be nothing short of miraculous that more thefts haven't occurred.

Normally with these cash management systems, a customer sends a payment order from his or her terminal, and then the bank initiates the wire transfer. Before the payment is actually settled with the bank on the other end, a customer is supposed to notify the originating bank whether the payment order is valid or fraudulent. Apparently, the customers were too slow in notifying Citi about some of the fake transfers, and Citi is blaming at least part of its loss on that.

"This case proves that with any kind of electronic network, you're going to be vulnerable to security breaches," says Steven Bercu, an attorney who specializes in electronic commerce for the Boston law firm Foley, Hoag & Eliot. "Banks have always made tradeoffs between security and ease of use," and as long as there are electronic transfers of money, they will always be forced to balance risk against customer service and cost.

Perhaps banks can make their wire transfers close to 100% secure, but then they risk making their networks too expensive to operate and too difficult to use.

Still, regardless of the strength of their internal controls, banks need to understand that hacking has reached a new level of sophistication - and danger, says Sanford Sherizen, president of Data Security Systems, a consulting firm in Natick, MA.
