Why can’t a Hacker add Digits to my Bank Account?

1.85K viewsOtherTechnology

As most of money in the world is digital anyways, Why can’t people fake transactions to a Bank account or just add one or two zeros to the balance? What makes online banking so safe that this doesnt work?

Most of even well guarded things have been hacked in the past, so i would imagine it’s at least possible?

In: Technology

38 Answers

Anonymous 0 Comments

Just to add to the really good comments and speaking from my experience of working in banking, the financial system’s reconciliation is a highly laborious(and automated) process.
There are 2 major components that block such things to happen.
1. Reconciliation of records which typically happen every day like a clock work based the source of money from multiple systems. As you mentioned, it’s just not one single value in DB that is relied upon.

Though for simple stuff like a balance enquiry, the result comes from a single value in DB, the way that value is populated in DB is not by a direct update. For any update to this there needs to be a trail.
GL (general ledger systems) reconcile this data and if at all any anomaly is found they quickly flag this out.

2. Second reason is much more important and an extension to above. Any financial transaction needs to have 2 things. A credit and a debit of equal amount. Without this there is nothing that can enter into the system.

All banks/financial companies typically use something called as core banking systems for all accounting level data. There are lot of products in market (Finacle is one e.g.) which are inherently designed in a way that credit and debit entries should always match. So this is not your typical websphere or microservice based application.

Though CBS can be based on Micro services (Finacle is actually based on Micro services), the way the work is completely different.
So the value of account balance is not a inherent value but it is a derived value basis certain transaction trail. Those transaction trails are also again linked to real funds coming to associated accounts. In case a hacker with an IQ of 1000 finds a way to bypass these humungous and virtually impossible checks, the GL systems quickly find the descripancy as there may be a value in database but associated actual money is not there in the account.

You are viewing 1 out of 38 answers, click here to view all answers.