Why can’t a Hacker add Digits to my Bank Account?

As most of the money in the world is digital anyway, why can’t people fake transactions to a bank account or just add one or two zeros to the balance? What makes online banking so safe that this doesn’t work?

Even most well-guarded things have been hacked in the past, so I would imagine it’s at least possible?

38 Answers

Anonymous 0 Comments

Because every bank account transaction is logged. The computer system has an automated auditing system which balances every transaction.

If a fund transfer fails, there would be a flag on the system that logs that the electronic transaction failed. A human auditor will do a manual entry to correct the data for the transaction to push through.

I experienced this btw when a transfer to my sister was deducted 4x for the same amount during a fund transfer system app error. I went to my bank to print out a statement of account to verify if the transaction pushed through. It turns out only 2 or 4 transactions were credited. A human auditor made a manual data entry on the logs.

My sister then used my bank statement as evidence to get a refund from her online bank, which she got after they concluded their investigation.

Next story: A friend of mine worked as IT crew for an ATM vendor. When they were deployed on site to the bank to fix their ATM system, they had supervisors walking around watching over their shoulders while they worked on the code. She said her parents had an account at the bank. She searched for it and found how little money they had. 😆

She says she was tempted to add money to the account, since she literally had keys inside the kingdom vaults to do it, but decided against it because she knew it wouldn’t work, as every action she does is automatically logged. It would be traced back to her that she made unauthorized changes.

Anonymous 0 Comments

There is a good podcast episode regarding hacking banks:

https://darknetdiaries.com/transcript/23/

Anonymous 0 Comments

Short answer is an auditable paper trail of transactions. THAT BEING SAID, this is very possible. Most banks have a core banking sync that happens every day; technically, if you can inject a transaction in that middleware it will go through with 0 verification. Can they catch you? Yes, but it’s a nightmare, and unless the transaction is stupid in size and not just a rounding error for that day’s report you will likely get away with it. The problem, however, still remains – you’re leaving a trail of made-up money whenever you do this.

Anonymous 0 Comments

You can’t just “create” money in an account without a paper trail saying where it came from.

The bank balance doesn’t exist on its own. Rather, banks operate a ledger system, and the balance is calculated off of that.

A ledger is a record of all transactions in and out of an account.

Imagine I give my kid a small allowance, but I let them “deposit” money with me for safe keeping. We track the balance in a handwritten “bank book”.

He deposits $10, so we write in “$10 deposited” and I initial it. Next to it, we update the balance to $10. Repeat that next week. We write “$10 deposited”, I initial it, and the balance updates to $20.

He gets clever, and thinks “I want to buy a PS5, but I’d need $500 for that. Maybe I can trick dad into thinking I have $500.” He steals the bank book, and updates the balance to $500, then sneaks it back into the drawer.

The next day he asks to withdraw $500 to buy a PS5. I say “Hah, sure bud, let’s check your bank balance.” I open the ledger and surprise, it says $500 balance.

The ledger, though, says $10 deposited, $10 deposited. Should only add up to $20. I make the correction, and ground him for fraud.

He can change the balance all he wants, but the ledger is what matters. The ledger needs to be updated too.

This expands the question: What if he writes in $480 deposited and forges my initials?

Well, joke’s on him, because the book is only one copy of the ledger. I have a digital copy too, and it only shows $10 deposited twice. Ledgers don’t match, so I do a little audit, realize I definitely don’t have $480 of misplaced cash, and he’s just as grounded.

What if he knows about the digital ledger and forges that as well?

As part of my audit, I’m checking the write history of the ledger. I know who accessed the file and when it was updated, and I can confirm that it wasn’t an authorized access to the ledger. Let’s tack an unauthorized access charge onto his grounding, an extra week.

One more step: What if he’s an actual hacker, and manages to update the digital copy of the record in a way that says it was updated by me with my phone while the phone was in my possession? This is the beauty of ledgers: The money has to come from and/or go somewhere, which means the transaction has to agree with their ledger too.

If my son truly deposited $480, then that means there’s either $480 of misplaced cash somewhere in the home, OR I deposited the cash into my bank account, and the ledger there would confirm it. I check my bank transactions and see no deposits. I check my wife’s just in case. No evidence of the other side of this $480 transaction. So together we turn over all the couch cushions and sock drawers in the home looking for the $480 my son supposedly deposited. Much in the same way that you’d expect a bank to check an ATM after it ate your deposit.

We find nothing. No evidence that my son ever gave us $480 to deposit into his bank account. Now he’s super grounded, and he’s cleaning up the mess we made searching the home to boot.

This is the power of ledgers for financial transactions. Even if you managed to hack your account and add a few zeros, the bank ledger(s) need to match, so you need to fake a transaction. That ledger is backed up in multiple digital locations, so you need to update them all, and finally the ledger needs to agree with the ledger of the institution that supposedly sent the money, along with a corresponding bank account balance that the money is supposedly coming from.

At that point, all you’re really doing is stealing money in the hardest, most complicated way possible.
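
The three audit layers from the allowance story above (balance versus ledger, ledger copy versus ledger copy, ledger versus the counterparty's ledger), as an added Python example that is not part of the original answer. The entry layout, the account names and the sample transactions are constructed for illustration.

```python
# Constructed sample data. Entry = (txn_id, account, amount, counterparty);
# a positive amount is a credit to `account`, a negative one a debit.
HONEST = [("t1", "son", 10, "dad"), ("t2", "son", 10, "dad")]
FORGED = HONEST + [("t3", "son", 480, "dad")]   # the forged "$480 deposited"
# Other side of each transaction, as recorded by the counterparty.
DAD = [("t1", "dad", -10, "son"), ("t2", "dad", -10, "son")]


def ledger_balance(ledger, account):
    """The balance is derived from the ledger, never trusted on its own."""
    return sum(amt for _, acct, amt, _ in ledger if acct == account)


def audit(account, stored_balance, primary, replica, counterparty):
    """Return a list of findings; an empty list means everything reconciles."""
    findings = []
    # 1. The displayed balance must equal the sum of the ledger entries.
    if stored_balance != ledger_balance(primary, account):
        findings.append("balance does not match ledger")
    # 2. Every copy of the ledger must hold exactly the same entries.
    for txn in sorted(set(primary) ^ set(replica)):
        findings.append(f"copies disagree on {txn[0]}")
    # 3. Each entry needs an equal and opposite entry on the other side.
    other_side = {(tid, acct, amt) for tid, acct, amt, _ in counterparty}
    for tid, acct, amt, cp in primary:
        if acct == account and (tid, cp, -amt) not in other_side:
            findings.append(f"no counterparty record for {tid}")
    return findings


if __name__ == "__main__":
    print(audit("son", 500, HONEST, HONEST, DAD))  # balance edited only
    print(audit("son", 500, FORGED, HONEST, DAD))  # one ledger copy forged
    print(audit("son", 500, FORGED, FORGED, DAD))  # every copy forged
    print(audit("son", 20, HONEST, HONEST, DAD))   # untouched books
```

Each forgery step in the story clears one check and trips the next; only the untouched books return no findings.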

Anonymous 0 Comments

There are different types of “hacked”.

When you hear a platform has been hacked, what that generally means is somebody got the ability to *read* their files. That’s very different from having the ability to *write files undetected*.

It’s like if you’re a kid, it’s much easier to read your parents’ mail than it is to forge handwritten letters from your parents.

Anonymous 0 Comments

Imagine you have a bank account of $10,000 (yes this is a dream for a lot of people). Then you pay a hacker to add a zero. Even in the worst banking system, the change of $90,000 is going to set off alarms when the system automatically checks the difference in balance between start of business day and end of business day. The bank will have someone look through the transaction logs and see that there is no transaction adding that large sum of money to the account.

So you pay the hacker to also alter the previous days’ balances… Eventually they will alter something outside of the possible pending period. As in something too old to be altered without automatically sending up a red flag. It’s one thing to change a week old account balance with a fraud report filed, it’s completely different when there is no reason given.

And then, the bank may have a master file for end of month numbers. Something not connected to the internet, something that cannot be hacked. Running the numbers between an offline master copy and the deposits and withdrawals will easily flag discrepancies. How long does it take the bank to rerun the monthly numbers? A matter of minutes for all their accounts.

Anonymous 0 Comments

Money is not fully digital yet. For most currencies, banks are required to have a fraction of all their deposits in physical currency, and the central bank strictly controls the ratio of “virtual” deposits and the actual physical currency deposits. So the bank is always required to know how much physical money they have and the total virtual money in the accounts. If the value deviates too much, the ratio will fall below the minimum required, which will trigger all kinds of alarms and they will track down the source of the problem.

That is starting to change, and major central banks are developing and deploying “real” digital currency, and they are a kind of cryptocurrency. I don’t know the specifics on the design of the digital dollar, but if they borrow from the current existing cryptocurrencies, they will have strictly verifiable transactions via cryptography, and the database of all transactions that ever happened with the currency will be replicated via multiple independent agents, who can verify all the transactions independently. This way, by just knowing the public keys of the Fed (which, as the name implies, would be public knowledge), anyone with the digital dollar transactions database would be able to verify every issuance and transfer, and verify the total is unchanged.

So, the only way for a hacker to fool this system is fooling every single independent validator of the database (which I imagine would be every major bank) at the same time, and every new validator that enters the system in the future (otherwise they would raise the alarm when they find some inconsistency in the past transactions). So, it would be pretty much impossible…

Anonymous 0 Comments

Double-entry accounting. You’d have to change the numbers in two places to make it balance, and if you do that, neither account will reconcile on a transaction-by-transaction basis.

Anonymous 0 Comments

The dual accounting method’s entire purpose is to pick up this sort of behaviour, and it has been used since the Italians invented banking as we know it.

https://smallbusiness.chron.com/explanation-dual-method-accounting-36524.html

I’ve yet to see this system beaten, even by top tier traders who knew their shit and still got caught out.

Anonymous 0 Comments

Banks perform regular audits and reconciliations, with balances coming from date and time stamped transactions. If you were to, say, go back in time and make a large withdrawal transaction much smaller, or a small deposit transaction much larger, it should come up in a future audit that these balances changed.

Banks that are worth their while have offline backup records – so they’ll be able to find out exactly what changed to throw off that future audit by comparing the offline records to the online records. And then they would begin a very thorough investigation of their system logs to find out how and why their live records changed in a way that doesn’t agree with the offline backups.