Cybercrime is up, up and away. However, our systems to deal with it remain antiquated and wishy-washy at best. A good example is an old staple of the banking system: the checkbook.

The check is a dying vestigial organ of the finance and banking system in the modern mobile world we live in. So how, you may be wondering, is this actually a problem?

Three simple pieces of information can help us understand the fraud:

  1. Account holder name
  2. Account number
  3. Bank routing number

Using these pieces of information, anyone can open another fraudulent account in the account holder's name and then link your account number to it. The protocol is super simple: financial institutions make two low-value deposits in your account, and the attacker needs to guess the amounts. That's it!

Now, you must be wondering: what is the probability that the attacker can randomly guess the two dollar amounts? Since each deposit is an independent event, there are 99*99, or 9801, possible combinations, so a single random guess is right 1 time in 9801.

If the bank linking the account allows multiple retries on the guess, the attacker can simply iterate on the verification form 9801 times and have a successful linkage to your account.
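
The retry problem above, seen from the verifying institution's side: an added example (not from the original post) of a micro-deposit challenge that caps wrong guesses and then locks, together with the guess odds that a given cap leaves. The class and function names, the 1 to 99 cent range behind the 99*99 count, and the default cap of 3 are assumptions for illustration.

```python
import hmac
import secrets
from fractions import Fraction

AMOUNTS = 99                 # assumed: each deposit is 1..99 cents (the post's 99 values)
SPACE = AMOUNTS * AMOUNTS    # 9801 ordered pairs


def guess_success_probability(max_attempts: int) -> Fraction:
    """Chance that distinct guesses hit the pair before the attempt cap is reached."""
    return Fraction(min(max(max_attempts, 0), SPACE), SPACE)


class MicroDepositChallenge:
    """Hypothetical server-side verifier for one account-link request."""

    def __init__(self, max_attempts: int = 3):
        # Draw both amounts from a CSPRNG so they cannot be predicted.
        self._pair = (secrets.randbelow(AMOUNTS) + 1, secrets.randbelow(AMOUNTS) + 1)
        self.max_attempts = max_attempts
        self.failed = 0
        self.locked = False
        self.verified = False

    def verify(self, first_cents: int, second_cents: int) -> bool:
        if self.locked or self.verified:
            return False  # a locked or already-used challenge never verifies again
        expected = b"%d:%d" % self._pair
        supplied = b"%d:%d" % (first_cents, second_cents)
        if hmac.compare_digest(expected, supplied):
            self.verified = True
            return True
        self.failed += 1
        if self.failed >= self.max_attempts:
            self.locked = True  # retrying now needs new deposits or manual review
        return False


if __name__ == "__main__":
    # Unlimited retries (cap = 9801) guarantee a link; a small cap does not.
    for cap in (1, 3, SPACE):
        print(f"cap={cap:>4}: P(link) = {float(guess_success_probability(cap)):.4%}")
```

The lock has to be tied to the account being linked rather than to the session or the newly opened account, otherwise starting a fresh link request resets the counter.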