Why can’t a Hacker add Digits to my Bank Account?

1.84K viewsOtherTechnology

As most of money in the world is digital anyways, Why can’t people fake transactions to a Bank account or just add one or two zeros to the balance? What makes online banking so safe that this doesnt work?

Most of even well guarded things have been hacked in the past, so i would imagine it’s at least possible?

In: Technology

38 Answers

Anonymous 0 Comments

Banks are highly regulated industries, and a substantial amount of that regulation is designed specifically to prevent this kind of fraud.

Money can’t just appear out of nowhere into an account without serious red flags going off. You need a paper trail showing where that money came from.

Similarly, large sums of money can’t just be transferred out of Elon Musk’s bank and into yours, without regulators (not to mention Elon’s accountants) asking “what is Elon Musk paying this guy for?”

Anonymous 0 Comments

As someone who reviews bank transactions , I am reviewing every amount coming in to a specific number. If all deposits don’t match that number I find the one that doesn’t

Anonymous 0 Comments

There are some decent-ish answers here but everyone is missing the single biggest control that the bank (and every organization) has in its financial systems:

You **NEVER EVER UNDER ANY CIRCUMSTANCES** have a **singular** transaction take place.

You may, as a customer, perceive just one side of the transaction but to the bank there are always two (or more) transactions taking place, and these transactions **balance**.

If you go to a bank branch and deposit $200 then two transactions take place: your bank account balance (the bank’s *liability* to you) increases $200, and the amount of cash that particular bank branch has (an *asset*) also increases by $200. These two cancel each other out to $0.

If you spend money on a Visa debit card, the balance of your bank account goes down $200 and the balance of the bank’s clearing account to Visa (a liability) increases by $200.

Every transaction works like this, and the system is designed to prevent anything that doesn’t balance being posted. If, due to a failure or error, something does get through, it won’t be too hard for the bank to find the errant transaction. And they **will notice** when the accounts stop balancing.

So, a hacker who increases your account balance needs to reduce some other liability account or increase some asset account. Sooner or later, someone, or an automated control, will most likely pick this up. It’s not impossible but this makes it much harder than just adding zeroes to your account.

Anonymous 0 Comments

It’s not that a hacker couldn’t do it, it’s that the discrepancy would likely be detected, investigated, and reversed at some point.

Banks typically would have many automated systems in place that regularly check for discrepancies between how much money they should have vs how much money they actually have.

Anonymous 0 Comments

it’s not as simple as you would think

* balances aren’t balances, they are aggregates of transactions
* no system is beyond hacking. A fairly sophisticated insider could introduce fake transactions into the system, but the money still has to come from somewhere.
* even real payments are closely scrutinized for suspicious activity- it isn’t just a system where some guy is like “transfer this money from account x to account y” and the system checks balances does a transfer like a CS101 atm machine project. There are like a dozen steps of anti-money-laundering and sanctions evasion and KYC and suspicious activity stuff that happen between the transfer being initiated and the money actually moving
* banks are almost junior members of the western intelligence services in terms of the amount of monitoring and snooping they do

Anonymous 0 Comments

The bank is redundant and will have systems in place to catch errors like that. It’s much harder to add money that doesn’t exist and leave it in the bank’s control than to withdraw money that does and run before the bank realizes something is wrong.

Anonymous 0 Comments

It’s *extremely* difficult to do without insider information on the bank internal systems (what servers, which interactions), internal controls (what automated checks ? Where ? When ?). If you intend to transfer money out of the bank to another account in a different bank there are several intermediaries with little trust in each others so a ton of controls you need to know about, and you leave traces everywhere.

There are much easier scams to run for easier and more than enough profits.

Like any burglar, hackers are going for the easy, quick win targets.

People are mentioning some previous bank hacks here but it’s just ATM spitting out their cash, not an actual bank hack.

Anonymous 0 Comments

Probably easier to hack something that adds money to an account rather than the bank itself.

Anonymous 0 Comments

There’s multiple redundant audit trails surrounding financial transactions and it’s not just one number that represents your balance.

Anonymous 0 Comments

Servers log stuff. Who connected, from where, when, what they did, what they clicked on, so forth. Everything leaves a long tail of logs.

Banks might even have separate, one-way systems for logging, so in case server gets hacked, hackers can’t delete logs.

That means that hackers will be detected, and since only reason to hack a bank is to steal information or add money (a personal interest), cops will put the picture together quite quickly. Plus, banks can usually afford any imaginable level of investigation, often having their own expert teams for this.