According to FinCEN, between between January 1 and June 30, 2009, depository institution (banking) suspicious activity reports characterized as computer intrusion increased 75 percent, compared to the corresponding six-month reporting period in 2008. These reports are filed by individual banks across the country and I'm currently grappling with the multiple categories in an attempt to determine exactly how large this banking trojan corporate account takeover risk may be.
Tell you what – 75 percent growth year to year is not small. If one Zeus banking trojan-hijacked account equals the $100,000 average loss that experts tell me, that money is easily the payroll of 20 people – employees, vendors, and owners – who won't be paying their mortgages or rent on time. I can't speculate on where the growth comes from yet because so much of it is mislabled and tagged into multiple categories.
The importance of clarifying this threat is simple: All experts are unanimous in the fact that businesses are at greater risk of a show-stopping corporate account hijacking event – consumers have separate rights which protect account takeover losses for a much longer time period. Yet businesses often don't know what lurks online or how they can get phished with a simple email, and often they handle a half million dollars or more with no issue.
According to the SBA advocacy site, over 99 percent of the private payroll in the US comes from small and midsize businesses. Without small business steadily providing the fifteen year trend of 64 percent of all net new jobs stateside, the logic is simple: our economy can't continue to grow. No new jobs mean slow economic growth.
And somehow we can't seem to measure all of this quantitatively. The overuse by banking employees of the FinCEN SAR category of ‘Other' mocks any efforts at transparency. I may not be able to access more granular data directly due to the Banking Secrecy Act. My calls and emails are still being automatically handled by FinCEN at the time of this article.
Banking trojans have the potential to become the largest historically destructive threat to our nation's economy short of the Civil War. Business account hijacking has the ability to completely destroy what typically takes strong business teams years of nurturing. All from thousands of miles away or from right across the street.
To the start-ups – willing to take on the gut check of starting a business – it's even worse. The theft of someone's total commitment and investment in their future, their employee's futures – different than merely victimizing a single household more and more this crime victimizes entire communities. Adding longer term impact: the money that's taken is not spent stateside, so our small restaurants, coffee shops, gas stations and others don't even get that money back into circulation.
Banking trojans are a weapon of mass destruction loosed in the heart of the American Dream.