British police arrested three men this week who allegedly attempted to rob an online bank, London-based Egg PLC.
According to the bank, the arrests came after a six-month investigation in which the bank worked with the police to set up an electronic trap.
"We installed a piece of software that enabled us to identify these people," said Egg spokeswoman Poppy Nagra. "No customers lost money. There was no breach of security. It was very much a proactive security exercise for us."
Egg, the online banking offering from Prudential PLC, has 1.1 million customers.
Other Internet banks may have also been targeted, police said.
Online banks could draw a lesson from this, said Richard Bell, an analyst at Needham, Mass.-based TowerGroup.
"Banks have got to protect themselves in the Internet arena just as they have in the real world from all the fraud," he said. "This is a classic fraud."
The men made mistakes and got caught, he added, but the next group of thieves may learn from those mistakes.
Loopholes Invite Robbers
Bret Sigillo, regional director of information security at New York-based Predictive Systems Inc., said banks should review their software to close loopholes. Common loopholes are those that give customers access to other customers' accounts.
Another major security problem, he said, is the fact that an online bank has a more difficult time verifying the identity of someone who wants to open an account. In a physical branch, a bank officer can ask for photo identification.
For an online bank, the only solution is digital authentification - something that won't go into widespread use on the consumer side for at least two years.
The three men arrested were deliberately targeting online banks, according to a statement from Det. Sgt. Mick Randall. Police wouldn't release the names of the other banks affected, but they said they were investigating.
The attempted fraud was the first case of its kind for Egg, Nagra said, and is the first publicized instance for the Internet banking industry.
But that doesn't mean it hasn't happened, said Sigillo.
"It's usualy not in a bank's best interest to notify the public that something like this has happened," he said. Publicity about a bank's security problems can make customers hesitant about opening accounts at that particular bank, he explained.
No Customers Affected
In the Egg case, no customer accounts were affected. Nagra said the alleged con men attempted to fraudulently open credit-card accounts and apply for bank loans. She said she couldn't elaborate because the case is still being investigated.
According to the National Crime Squad, the three men, all in their 30s, live in Buckinghamshire, Bedfordshire and Northamptonshire, counties surrounding London. They used a security loophole at Egg that allowed users to open multiple accounts using the same user information, police said.
The three were released on bail last Wednesday, police said.