CommBank not denying alarming NetBank fraud report

The Commonwealth Bank (CBA) has opted not to deny a report today containing allegations its online banking facility is currently playing host to hundreds of scams involving unauthorised transactions each week.A CBA customer recently contacted the Crikey social and political commentary Web site with allegations his account was hacked and debited AU$2,000 and that the bank's staff had conceded this was happening "hundreds and hundreds [of times] per week".

The Commonwealth Bank (CBA) has opted not to deny a report today containing allegations its online banking facility is currently playing host to hundreds of scams involving unauthorised transactions each week.

A CBA customer recently contacted the Crikey social and political commentary Web site with allegations his account was hacked and debited AU$2,000 and that the bank's staff had conceded this was happening "hundreds and hundreds [of times] per week".

In its defence, the CBA claimed that it had managed to detect and stop fraud activity before funds were lost in 99.5 percent of cases.

ZDNet Australia today contacted the CBA for comment but it refused to confirm or deny the allegations in the report.

"The Bank takes security very seriously and has in place systems and procedures to detect fraudulent activity as can be evidenced by the example provided in the Crikey.com story. We do not comment on levels of fraud as this is commercially sensitive information," the bank said in a statement released today.

A spokesperson for the CBA said: "The Bank has nothing further to add to this statement".

The CBA customer told Crikey the financial institution was pointing the finger of blame for the scams at Russian crime gangs and it appears that their techniques are becoming more sophisticated.

In past reports of online banking fraud blamed on Russian gangs, the organised crime units have used e-mail phishing scams to obtain customer details and attempted to collect funds from accounts using a local accomplice. The Crikey subscriber's described a more insidious scenario whereby bank details are retrieved from Web cookies and secondary local bank account holders are conned into moving funds unwittingly on the criminals' behalf.

The individual said his money was transferred to an account held by another of the banks' customers who had recently accepted a job over the Internet. According to the report, the woman had been labouring under the perception that the money was from her new employers and she'd received instructions to move it another account.

"The person my money was transferred to is a real person, totally unaware of what happened until contacted by the CBA," said the Crikey subscriber.

The report comes amidst growing pressure on banks from international consumer groups to introduce stronger Internet banking authentication mechanisms.