There are very few technologies that have affected our everyday lives as much as the Internet. It has changed the way we communicate in many ways and has revolutionized business processes. And the digital evolution has affected our accounts just as much. Online banking has been growing in popularity for years, and more and more people appreciate the benefits it offers. Bank customers can access their accounts, execute financial transactions or trade shares at any time of day or night.

According to Eurostat, 36 percent of people in Europe used online banking for transactions last year. In Norway the figure was a staggering 83 percent. But, just as with any other service that involves large sums of money, criminals attempt to make off with as much of the loot as possible. In the Internet age, bank robbers no longer need cutting torches to get to customers' money.

Bank robbery 2.0: Attacks in the browser

Banks have invested heavily in the security of their systems and effectively encrypted the communication channels from the customer to the bank. They have also continued to improve the TAN procedure, having recently done away with printed TAN lists and introduced new procedures such as mobile TAN and flicker TAN. But, in reality, cyber criminals can circumvent all these protection mechanisms by attacking the customer's PC.


In the world of bank robbery 2.0, perpetrators do not attack the banks. They infect online banking customers' computers with intelligent computer malware called banking Trojans. Visiting an infected website is all it takes to infect the computer with this specialised malware. Once it has stolen the access data, this malware can actively intervene in the payment process and divert legitimate transactions to other accounts without being detected.

How does the fraud work?

If the browser has been manipulated by a banking Trojan, data is still transferred from the computer to the bank in an encrypted form, but it is not the data that the user actually entered in the browser. If the bank customer tries to pay his rent from his infected PC, for example, the data he enters is visible in the Internet browser, but once the TAN is entered the money is unnoticeably directed to the criminal's account.

Most antivirus solutions do not detect new banking Trojans until it is too late, since they require a corresponding signature for protection. In one test, conventional protection programs only detected 12 percent of the malware strains immediately and 27 percent after 24 hours. This means that traditional security technologies found it almost impossible to protect computers fully against current banking Trojans.