Security measures, such as one-time passwords and user authentication via SMS, until recently, considered one of the most reliable form of protection. But today this is no longer enough to protect online banking systems from stealing money from customer accounts. Botnets and used increasingly sophisticated tactics of bypassing security systems of banks and financial institutions to take possession of client credentials to log into the automated banking system and the theft of money on the account of his mules.
Trojan now can be hidden inside a Web browser client and the bank’s own money using overtake one-time passwords to bogus accounts, or it captures the very session of the transactions between the bank and the customer and makes changes to it without your knowledge in the process of transfer payment information to the bank. In cases where the bank uses the authentication on the phone (sounded – in the slang of carders) caller uses call forwarding, so he answered the questions of bank employees instead of a real bank customer who allegedly received a call from a financial institution. In general, any procedure authentication, which relies on a web browser that can be attacked, and banks must begin to use server-side scripts detect theft of money their customers and identify suspicious transactions.\
For example, the European Bank for using monitoring technology transactions found that Trojan horse completes the transaction to withdraw cash funds from the accounts more quickly than would have done a real person. Trojan can just one second to enter the amount of money transfer, account number, drop and click OK, then how a person would require 20 to 30 seconds of time. But now the tools to identify unusual behavior of online banking customers has yet to take root.