Security firms McAfee and Guardian Analytics have published a joint fraud report, dubbed Operation High Roller, on new methods of siphoning money from banking systems. Using a series of highly sophisticated cyber attacks to target high balance accounts, criminals have been able to successfully bypass physical "chip and pin" authentication and use server-based fraudulent transactions to steal money from a number of accounts in Europe. The attacks originated in Italy, using SpyEye and Zeus malware to transfer funds into fraudulent accounts.
Although the fraud requires an initial client-based attack, McAfee discovered 426 unknown variants of the typical Zeus or SpyEye malware that were difficult to detect. The most unique part of the attack is the ability for the malware to use JavaScript web injects to alter internet login experiences for users and glean login information and two-factor authentication tokens. Once the malware has successfully retrieved this information from an end user, it initiates a bank transfer while holding up a users session. "Financial institutions must take this innovation seriously," say McAfee, warning that the latest technique can be used for other forms of physical security devices.
The majority of attacks appear to have taken place across European banking systems, but McAfee warns that it has found evidence of attacks at Latin American and North American financial institutions too. The company is warning that 60 servers have been processing thousands of attempted thefts from high-value accounts over a period of months, resulting in attempts to steal at least €60 million (US$78 million). McAfee says that if all the attempted fraud attacks were successful then the total attempted fraud could be as high as €2 billion ($2.49 billion).
and....

Did ONE high-tech worker bring RBS to its knees? Junior technician blamed for meltdown that froze millions of accounts


PUBLISHED: 17:13 EST, 26 June 2012 UPDATED: 17:40 EST, 26 June 2012

A junior technician in India caused the RBS computer meltdown which froze millions of British bank accounts, it was claimed last night.
The ‘inexperienced operative’ erased a massive swathe of information during a routine software upgrade for the Royal Bank of Scotland and its subsidiaries NatWest and Ulster Bank, according to reports.
The worker was understood to have been part of a team recruited in Hyderabad after the bank laid off more than 20,000 UK staff and outsourced work abroad.

The failure of RBS computers was allegedly the fault of a young technician in India


The failure of RBS computers was allegedly the fault of a young technician in India

Deleted information had to be painstakingly re-entered into the bank group’s computer system, stalling an estimated 100million transactions.
RBS refused to comment on the claims which were reported on technology website The Register.
 

More...

The site reported that the computer operator was carrying out an upgrade to the CA-7 software banks use to run their vast network of transactions.
As he checked the update, he accidentally erased a mass of data, the site claimed, adding: ‘A major error was made. An inexperienced person cleared the whole queue... they erased all the scheduling.’
Stephen Hester, RBS CEO, said there was 'no evidence' that the system crashing had any connection to the decision to outsource jobs to India


Stephen Hester, RBS chief executive, said there was 'no evidence' that the system failure was connected to the decision to outsource jobs to India

A source told the Mail the problems were exacerbated because the botched update was applied to both the banks’ back-up systems and the live computer – a worryingly basic mistake.
Millions of payments, including wages, disappeared from accounts leaving customers unable to withdraw cash, check their balance or settle bills.
Finance watchdogs warned the fallout from the computer meltdown could take weeks to sort out.
Sir Mervyn King said the slow reaction from RBS to the system failure needed to be questioned
Sir Mervyn King said the slow reaction from RBS to the system failure needed to be questioned
Bank of England Governor Sir Mervyn King told the Treasury select committee that questions needed to be asked about why the crisis had gone on for so long after the computer failure last Tuesday night, and called on the Financial Services Authority to launch a ‘very detailed investigation’.
The FSA said: ‘We will expect RBS-NatWest to provide us with a complete account of the issues once this is fully resolved and to take any necessary steps to ensure that the risks of these problems occurring again are addressed.’ 
The computer failure was so catastrophic that RBS and NatWest still do not know how many of their 15million customers were affected. 
Ulster Bank said 100,000 of its 1.9million account holders were hit.


Analysts believe the debacle could cost the banking group £100million in compensation and overtime payments.
NatWest was forced to open 1,200 branches across the country over the weekend to clears a massive backlog of payments
NatWest was forced to open 1,200 branches across the country over the weekend to clears a massive backlog of payments

The group’s share price rallied slightly yesterday after RBS and NatWest claimed they had finally cleared the backlog on their accounts, although more than £1.7billion has been wiped off the taxpayers’ 82 per cent stake in the group since the disruption began. 
RBS and NatWest said their accounts were now up-to-date but admitted ‘a small number of customers’ could still suffer delays and said account holders at Ulster Bank still faced unacceptable delays.


The Financial Ombudsman Service warned the chaos could go on for weeks and said it has been flooded with 500 calls a day from customers.
A spokesman said: ‘No one can really anticipate how long the disruption will go on for – but it could be weeks until the bank manages to sort out every complaint.’
Knock-on effects could include problems with charges for late payments and issues with credit ratings if customers have been unable to pay bills or transfer money. 
RBS head of customer services Susan Allen said: ‘We have made an error, we have been clear all the way through that we will make sure that customers and non-customers don’t lose out as a result of that.’
She said she was ‘embarrassed’ such a mistake had happened.
Last February, RBS advertised for a series of key jobs, paying between £9,000 and £11,000 a year for computer graduates with several years of experience using CA-7.
RBS has said the at-fault software was ‘UK-based’ and its computer servers are based in Britain, but insiders said many of their support teams were in Hyderabad.
Chief executive Stephen Hester said there was ‘no evidence’ the debacle was connected to the bank’s decision to outsource jobs to India.


The crisis has raised questions about the robustness of computer systems at  other banks.

Banks wimbledon fizz goes flat