ACH Fraud: 7 Tips for Secure Transactions

Start with a Dedicated Computer, Then Monitor Access Closely
ACH Fraud: 7 Tips for Secure Transactions
To help avoid malware-enabled wire and ACH fraud, here are seven tips for financial institutions to share with their customers:

1. Use a Dedicated Machine

Computers are relatively inexpensive; use a separate dedicated machine for all of your online financial transactions. If multiple people need transaction access, each person must have an additional, separate computer - or leverage terminal services to create a system of clients and dumb terminals.

2. Segregate it from the Network

This dedicated machine must not be part of a Windows domain. Utilize a Local Administrator account that can operate on the account access information. This avoids the "Clampi effect" of one compromised machine leading to a fully infiltrated network where miscreants can more easily steal sensitive account information.

3. Turn off Computer When Not in Use

As trivial as this sounds, shut the machine down when it is not in use; this can limit your exposure - many of the modern worms/trojans exploit vulnerabilities in the Windows Operating System, and contrary to popular belief do not require the user to have taken any actions such as opening emails or visiting malicious websites.

4. Monitor Traffic

Implement firewall/proxy instrumentation on both your ingress and egress points, monitoring and logging all traffic to/from your machine to ensure unauthorized access is denied no matter from what point it is initiated. The machine should be used for financial transactions only; all non-business essential network traffic should be denied to/from this machine.

5. Regulate Changes

Implement a change management process for any work that is to be done on machines performing financial transactions (this should include any changes to proxy or firewall settings that could impact these machines). Changes must require multiple party approvals. Convenience is not an acceptable reason to open access.

6. Think Virtual

Virtualized environments are another option employees can leverage; the solution can work for multiple employees, or employees who travel and who need to perform financial functions on the road. Again, computers are cheap; use a netbook or comparable alternative dedicated exclusively to financial transactions.

7. Mind Your Media

Leverage dedicated, bootable media (CD/DVD/USB...) when performing financial transactions. One could even go a step further and remove the ability to write to the hard drive, so that nothing can actually be stored on the machine, other than the core operating system and key applications.

Source: Rodney Joffe, Senior Technologist at Neustar, Inc., a Sterling, VA-based security firm.

See Also: New Banking Trojan Targets Online Payments

About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.