On Wednesday, Citigroup revealed that hackers breached its networks in early May, exposing data belonging to hundreds of thousands of credit card customers.
The breach, which Citi said affected about 1 percent of its 21 million North American card customers, was first reported by the Financial Times. Citi said the breach did not affect any customers”™ debit card accounts.
The bank said the breach affected its Citi Account Online service, which contains basic customer information, including names, account numbers and email addresses. Birth dates, card security numbers, Social Security numbers and other more sensitive data were not compromised, Citi said.
Citi said it contacted law enforcement officials regarding the breach, but did not provide additional details about how hackers were able to crack into the bank”™s systems.
The security breach comes on the heels of similar attacks against Lockheed Martin, Sony and Google that have occurred over the past month and a half.
More cyber breaches from Westfair Online on Vimeo.
Due diligence vital to preventing fraud
As online hackers have become increasingly adept, technology experts and bank executives are urging small-business owners to ensure that their companies are protected.
Last year, 303,809 complaints of Internet crime were received by the Internet Crime Complaint Center (IC3), a joint venture between the FBI and the National White Collar Crime Center, and since the year 2000, the IC3 has received more than 2 million Internet crime complaints.
Web security must become a top priority for small businesses, said Keith Reynolds, president of Maxim Communications, a Stamford, Conn.-based consultancy that specializes in Internet strategies.
“It”™s very important ”¦ that security becomes a culture and part of the way you do business,” Reynolds said.
In the past month, companies including Google, Sony and Lockheed Martin have all experienced attempted online security breaches, with hackers often making off with email addresses and phone numbers, in addition to other personal information. The scheme known as “phishing,” which refers to emails sent by hackers that attempt to trick people into providing information, has become increasingly prevalent in such breaches.
Preventing these scams often comes down to due diligence, Reynolds said.
“Phishing requires a willing participant,” he said. “If you don”™t give them a willing participant, then you don”™t have a problem. It”™s for people who are uneducated and follow through to a (web)site that is a fraud and put in information, that is where you have problems.”
A lack of awareness regarding what is constituted as fraudulent and the subsequent lack of protections against fraud are the biggest problems facing small-business owners, said Larry Selnick, director of treasury and payment solutions with Webster Bank, which has branches throughout Westchester County.
“We believe the best defense against fraud is educating clients, creating awareness, (and) multilayer, multilevel approaches to help you reduce the risks.”
Selnick said that when planning, companies must provide for the protection of data, financial information and physical property ”“ noting that a high percentage of fraud involves company employees. During the planning process, a business”™s accountant and financial institution are two of the most important resources for any owner, Selnick said.
“I always start with the accountant,” he said. “(Then), figure out what their bank offers to reduce fraud.”
He also advocated for the use of payment verification systems and alerts that he said are made available by the majority of banks, including Webster Bank, which provides users with a Positive Pay feature.
“Ninety percent of all fraud is check-based,” Selnick said. “You can reduce that risk by using services like Positive Pay. We provide an online file to you to say, ”˜Is this your check? Did you write it?”™ Almost every bank has Positive Pay, and almost every bank has alerts,” which he said can be used to notify account holders when their balance changes or drops below a certain level.
Other easy means of protecting a company”™s information include staying current with software updates, Reynolds said.
“It”™s important to keep on top of your applications ”“ making sure that all your applications are updated and making sure you have virus protection,” Reynolds said.
A frequent misunderstanding among small-business owners is that they are not legally responsible for acts of fraud that are perpetrated against their companies, Selnick said.
“What most small businesses believe is that like some consumers, they”™re protected by regulatory oversight,” Selnick said. “(But) small businesses are not consumers ”¦ They”™re not alone, but they can”™t presume they can delegate all the responsibility away.”
Comments 7