Little has changed; banks still have the money. Only the means of robbing them have become more numerous. Modern banks are dependent on computer technology, creating new opportunities for fraud and high-tech bank robbery.
Probably the best-known story about modern-day bank fraud involves the computation of "rounded-off" interest payments. A bank employee noticed that the quarterly interest payments on the millions of savings accounts held by the bank were worked out to four decimal points, then rounded up or down. Anything above .0075 of a dollar was rounded up to the next penny and paid to the customer; anything below that was rounded down and kept by the bank. In other words, anything up to three quarters of a cent in earned interest on millions of accounts was going back into the bank's coffers.
Interest earned by bank customers was calculated and credited by computer. So it would be a simple matter for an employee to write a program amending the process: instead of the roundeddown interest going back to the bank, it could all be amalgamated in one account, to which the employee alone had access. Over the two or three years that such a scam was said to have been operational, an employee was supposed to have grossed millions, even billions, of dollars.
The story is an urban legend that has been told for years and accepted by many, but there has not been a single documented case. However, it certainly could be true: banks' dependence on computers has made fraud easier to commit and harder to detect. Computers are impersonal, their procedures faster and more anonymous than paper-based transactions. They can move money around the world in microseconds, and accounts can effortlessly be created and hidden from a computer keyboard.
Like any corporate fraud, most bank fraud is committed by insiders, employees with access to codes and procedures who can create a "paper trail" justifying a transaction. In such cases the fraud is not really different from illegal transactions carried out in the quill-pen era: the use of a computer has simply mechanized such fraud and made it more difficult to track.
The new threat to banks comes from hackers. In addition to the familiar duo of the bank robber and the criminal employee--the one bashing through the front door with a shotgun, the other sitting in the back room quietly cooking the books--banks now face a third security risk: the adolescent hacker with a PC, a modem, and the ability to access the bank's computers from a remote site. Unlike traditional bank robbers, hackers don't come through the front door: they sneak in through the bank's own computer access ports, then roam unseen through the systems, looking for vulnerable areas. Unlike crooked employees, hackers aren't a physical presence: they remain unseen and undetected until it's too late.
Though banks spend millions protecting their computer systems from intruders, they aren't necessarily that secure. Bank employees, particularly those who work in dealing rooms, are notorious for using the most obvious passwords, generally those that reflect their own ambitions: Porsche and sex are perennial favorites. Sometimes even the most basic security precautions are overlooked. Recently two hackers demonstrated this point for a London newspaper. They targeted the local headquarters of "a leading American bank" one that was so well known for its laxity that its systems had become a training ground for neophyte hackers. The two had first hacked into the bank's computer in March 1988, and in October 1990 the pair did it again, using the same ID and password they had first employed in 1988. The bank hadn't bothered to modify its most basic procedures, and its first line of defense against hackers, for over two and a half years.
Given such opportunity, it could be assumed that banks are regularly being looted by hackers. The mechanics appear straightforward enough: operating from home a hacker should be able to break into a bank's central computer quite anonymously, access the sector dealing with cash transfers, then quickly move the money to an account that he controls. However, in practice the procedure is more complex. Banks use codes to validate transfers; in addition, transactions must be confirmed electronically by the recipient of the funds. Because of such safeguards, the plundering is probably limited.
But the threat from hackers is still real. There may be a hundred hackers in the United States with the necessary skills to break into a bank and steal funds, which is a sizable number of potential bank robbers. And of course it would be the dream hack, the one that justifies the time spent staring at a video terminal while learning the craft.
