Why can’t a Hacker add Digits to my Bank Account?

1.70K viewsOtherTechnology

As most of money in the world is digital anyways, Why can’t people fake transactions to a Bank account or just add one or two zeros to the balance? What makes online banking so safe that this doesnt work?

Most of even well guarded things have been hacked in the past, so i would imagine it’s at least possible?

In: Technology

38 Answers

Anonymous 0 Comments

> Most of even well guarded things have been hacked in the past, so i would imagine it’s at least possible?

Thats not true by any means. Stuff like facebook, twitter or google drive, probably not even apples cloud have ever been “hacked” individual user accounts have been “hacked” aka someome guessed their password.

Thats not the same as hacking the system. There is plenty of crimes about stealing creddit cards and bank data.

But just like noone ever got access to the facebook servers noone ever got acces to bank servers.

Anonymous 0 Comments

Putting aside the technical feasibility of getting into the system.

It’s not like the bank only has one number for you, that represents your balance, and they have to believe whatever that number says.

They also track every transaction that led to that current number. All the money that went in and out of your bank account, that all adds up to your current balance.

The moment all this unexplained new money in your account gets noticed, whether by a regular automated system audit or a check that happens when you try to access the money, the bank is gonna start asking you where it came from.

Edit: Yes, a smart hacker could theoretically carry out a much more comprehensive and sophisticated attack. The point is it’s not as simple as just getting in there (however you pull that off) and changing one number. You would need a pretty detailed plan to cover your tracks, that involves all sorts of other fun crimes and specialized knowledge.

Anonymous 0 Comments

The technologies are constantly changing but the key principles are identification and trust. If bank A tells bank B that a money transfer has happened, bank B has to:

1. Trust bank A is telling the truth.
2. Believe that it really was bank A saying that and not someone impersonating them.

The first is done by banking regulations and agreements. If I wake up tomorrow and announce to the world, “hey, I’m a bank,” that is a long way from my being able to participate in the banking community.

The second is done by a variety of methods from secure channels to encryption methods that don’t only keep the messages secret but also stop people from impersonating them.

Anonymous 0 Comments

Breaking into a bank and artificially inflating your account value is possible. But, for the technical skills required, and the risk involved, there is lower hanging fruit elsewhere. 

Cybercriminals are constantly balancing risk and reward for targets within their skill set. Banks have more security, and more auditing than other institutions with similar amounts of liquid assets.

Anonymous 0 Comments

It’s not that it’s impossible, it’s just easier to break the piggy bank and take money out of it than it is to pretend to put money into it. Banks can check the piggy bank through systems like Swift which handles  payment messages, as well as their own internal records and audit logs.  

 Hackers also balance risk and reward, there’s limited benefit to inflating your account when they could spend the time robbing the bank. 

 If I hacked your bank and increased the balance value of your account there’s also quite a few things stopping you from withdrawing that money (mainly send/withdrawal limits, limited cash in ATMs, approvals for large transactions) and nothing stopping the bank from returning the value to its original state after its discovered.  

 Hacks on banks do happen, you can read about some here: https://qz.com/12-african-countries-lost-11-million-to-hackers-1849751086

In one example the hackers had to use 400 mules accounts to withdraw money from ATMs overnight, that’s quite a bit of man power required to move money out. 

Anonymous 0 Comments

maybe its different in a more modern country, but in my region, banks still do manual tally and regular checks.

so they compare between records. digital and physical. they even have a huge safe containing physical records.

when you do large transaction also requires approval from manual human being.

the digital system also supposedly follow banking security standard.

so the ELI5 probably: because hacker need to hack not only the digital records but also the physical records and also the humans. and the digital system itself is also very hardened from hacks.

Anonymous 0 Comments

In short, your bank account is not your account balance.

The balance is not a bag, but a piece of paper showing the result of subtracting everything that went out and adding everything that went in.

 Scribbling a bigger number on this piece of paper will only last up to the second any more money is put in or taken out.

Knowing this, the one way to add “digits” to it is by putting “digits” in, which is not in their best interest.

Anonymous 0 Comments

On a related note, there is a common scam where someone takes control of your PC and changes the code of your banks web page to show a different amount than is actually there. This is defeated by clicking a link but unfortunately works on enough people to be profitable for scammers.

Anonymous 0 Comments

There have been digital bank robberies, such as: [Bangladesh Bank robbery](https://en.wikipedia.org/wiki/Bangladesh_Bank_robbery)

But there’s a multi-layered system of security to try and block these sort of attacks. The reason these attacks worked is that there was inside information and insider-provided access to key systems.

Typically, bank transfers are verified and accepted by one or more banks, which have information about previous transactions and e.g. balances. You can not simply send a transfer message to them; they would not accept it. They only accept specifically encrypted messages, coming from specific origins, and these messages are checked for validity.

Similarly, you can not send a message to Reddit saying that you are now replying to a comment as ‘tzaeru’. There’s technical implementations for why that isn’t possible, but the overall topic is fairly complex and in-depth.

In some cases, the bank receiving or accepting a request does not have full view to the previous transactions and balances. This is the case in e.g. bank transfers across jurisdictions and different banks. There is, indeed, potential for fradulent messages there, but you need inside secrets – such as secret keys, credentials, etc – for those attacks.

Anonymous 0 Comments

As a programmer if I was displaying your bank balance then the code would look something like this:

balance = credits() – debits() – outstandingCharges();

Each of these function calls extract information from the systems back end via encrypted communication channels. If the back end is compromised then it is not just your account that is screwed: the entire bank is screwed.

It is not just a number on the screen.