The Green Sheet Online Edition
October 12, 2009 • Issue 09:10:01
Cyber thieves stealing from students
In May 2009 cyber criminals hacked into Sanford, Maine-based Patco Construction Inc. and stole $588,000. Shortly thereafter, Patco's attorneys advised the company to sue its bank for not providing adequate authentication procedures.
And now, school districts and other educational markets (trade schools, online universities and so forth) nationwide are being targeted by hackers, who have stolen significant amounts of money from them, according to Melih Abdulhayoglu, Chief Executive Officer of Internet security specialist Comodo Group.
"The cyber criminals have spotted a very high value but a very soft target," Abdulhayoglu said. "School districts have lots of money, but unlike business enterprises, they cannot get the best security solutions available. It's a sad, sad day that this is happening. That money we raise for our kids is going straight in the cyber criminals' pockets.
"We don't have to suffer at the hands of [cyber thieves]. And it's the same with the smaller-level merchants like Patco as it is with school districts. They either can't afford or don't know about the latest security solutions available, which makes for an easy target. The Patco case is ongoing, and whoever wins, the lawsuit will still be expensive and time-consuming - and I know both sides will wish they could have prevented it." As of yet, no reports have surfaced of educational institutions bringing suit against their banks for inadequate transaction authentication.
Password plus one
Authenticating consumers' identities and protecting their card data and other sensitive information, such as Social Security and driver's license numbers, are critical to preventing cyber theft. The Federal Financial Institutions Examination Council, charged with prescribing standards for the federal examination of financial institutions, requires that banks and credit unions only allow customers to access their accounts if they use at least one other form of identification in addition to passwords. This is in accordance with The Digital Signature and Electronic Authentication Law passed by the U.S. Congress in 1998.
"Unfortunately, it is difficult to stop a determined thief," Abdulhayoglu said. "But prevention-based software should be our first line of defense in online banking and payments to mitigate risk and make the Internet safer for us all. We have to be vigilant because those thieves are relentless in their mission to siphon off money."
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.