Academic journal article ABA Banking Journal

Beware! Fax Attacks!

Academic journal article ABA Banking Journal

Beware! Fax Attacks!

Article excerpt

Beware! Fax attacks!

Modern technology can bring your bank modern problems. But solutions start by using the world's oldest processor--your brain

Fax machines are nifty gadgets. When properly used, they can expedite business with the speed of a telephone. But when used improperly, they could become a speedway to losses, leaks, and lawsuits.

There are numerous types of risks associated with fax machines. Some arise from banks' insufficient or nonexistent security procedures. Some are possible because of simple human error. Some can be blamed on physical risks--such as faxes that arrive at the right company but are delivered to the wrong office or taken from the fax area by other than the intended party. And other risks arise because fax machines aren't immune from eavesdropping.


Just how much of a problem fax security has been for the banking industry is difficult to say. There are rumors and anecdotes, but no hard figures.

The federal financial regulators have not focused on the issue. While the Federal Bureau of Investigation knows of investment frauds that have been committed using fax machines, the devices have generally been tools used to send messages used in a bigger scam, not the key to the fraud itself. And, like computer frauds, this is not the kind of situation banks would go out of their way to publicize.

Yet, if you consider the following situations, it becomes painfully obvious that the potential for big trouble is there.

* The case of the too-trusting bank. "Bank Z" manages a large pension fund for its state's employees. Every day, the state comptroller's office sends its investment instructions by fax. Though the funds affected total more than $1 billion daily, no security measures are taken. In fact, no one from the bank even makes a routine callback to the comptroller's office to verify that it really sent the fax about to be executed.

This is no hypothetical example. Robert W. Edwards, a consultant, recently came back from an inspection of Bank Z's operation. He conducted it on behalf of insurance underwriters weighing the prospective insured's potential risks. Edwards, president, Risks, Ltd., Keedysville, Md., says he knows of several other banks that deal with state finance departments who also accept investment orders in this way--also without taking precautions.

There's plenty that could go wrong. Edwards points out that Bank Z's lax security means that anyone who knows the general details of the state's portfolio and the operational arrangement between the comptroller's office and the bank's investment area could send in a fraudulent fax. This could direct funds to be moved to an account the thief could then draw from.

Further, because the lack of security permits such outsiders to send in orders by fax, Edwards says it would be fairly easy for a government insider to commit a fraud and make it look like an outsider was responsible. This kind of crime could remain unsolved, he adds, unless, say, "the state's comptroller went to lunch one day and never came back."

* The case of the wayward fax. The following case comes up nearly every time the issue of fax security is discussed--for obvious reasons.

In late 1988, one of the parties to a merger faxed a 47-page confidential memorandum on the subject to a major shareholder--or so it thought. Actually, the memo--complete with significant margin notes--had been faxed to The Wall Street Journal's Chicago bureau. The newspaper's fax number and the shareholder's differed by only one digit and a new employee at the corporation had misdialed. The newspaper went with the story and the company subsequently dropped out of the deal.

While misdialing is risky enough, another risk is misrouting. Carelessness in pulling fax numbers out of bank or other directories can result in sending a fax meant for Bank X to Bank Y instead. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.