$45 million in cash stolen? That's chump change

Last week's ATM theft of $45 million in cash made the headlines -- but the real security problem is so much bigger

The world was abuzz last week because midlevel hackers stole $45 million in 10 hours. While that figure is nothing to laugh at, it pales in comparison to the bigger issue of how easy it is to commit online fraud -- and how insanely large the numbers are.

For example, one of the latest scams is for criminals to file online tax returns claiming large tax refunds on behalf of innocent victims. Gangs of low-level cyber criminals collect victims' Social Security numbers and other identity information. Then they file online tax claims requesting big refunds and receive payment in the form of hard-to-track debit cards (much like how the $45 million was delivered).

[ 5 hot security defenses that don't deliver | Mobily seeks U.S. hacker's help to build mobile spying system | Keep up with key security issues with InfoWorld's Security Central newsletter. ]

The IRS admits it paid about $1.4 billion in fraudulent IRS returns in one year alone. Innocent taxpayers usually don't notice they've been robbed until they file their legitimate return and get turned down for filing duplicates. After each side figures out that a fraudulent return is involved, it can take from six months to a year for legitimate taxpayers to get their refunds. As of 2012 (the latest stats I could find), the IRS had 650,000 outstanding fraud investigations. If you put these facts together, legitimate taxpayers are out another $1.4 billion of their refunds. That's $2.8 billion in total fraud each year due to "hackers" who typically do nothing more than know how to type.

The problem is so rampant in south Florida, where I live, that cops are trained to look for IRS debit cards when they stop suspected gang members and drug dealers. It turns out that IRS debit cards represent a bigger business with lower risk then selling drugs.

But IRS fraud is a small part of the story. Five years ago when I was consulting for the nation's banking regulators, I asked how big Internet banking fraud was. At first I couldn't get an answer, but later on a senior auditor told me that fraud amounted to 6 percent of revenue at some banks, though only half of that was Internet-related versus traditional fraud.

That's a mind-blowing statistic. Banking is measured in the trillions of dollars. Recently a single large bank made $24 billion in one quarter alone. If you take 3 percent (half of 6 percent from total banking fraud) that suggests hundreds of millions of dollars are being stolen each day.

I've talked to a few other notable industry experts to get a feel for how much money is being stolen across the Internet. I asked if it's likely to be $100 million a day; both parties agreed that the real figures are in that range.

What is $45 million stolen in a day? Apparently only half a day's work!

1 2 Page 1
Page 1 of 2
How to choose a SIEM solution: 11 key features and considerations