As most of the money in the world is digital anyway, why can’t people fake transactions to a bank account or just add one or two zeros to the balance? What makes online banking so safe that this doesn’t work?
Most of even well guarded things have been hacked in the past, so I would imagine it’s at least possible?
In: Technology
99.9% of “hacking” is really identity theft.
Basically they walk up to the teller at your bank and pretend to be you. As “you” they order a **real** transaction sending your money to some other bank, usually one outside the US where law enforcement won’t cooperate.
Digitally or in-person it’s the same process. Someone drops their metaphorical wallet and the thief takes advantage. People aren’t going into the bank systems and arbitrarily changing account values to make money appear/disappear.
Just to add to the really good comments and speaking from my experience of working in banking, the financial system’s reconciliation is a highly laborious (and automated) process.
There are 2 major components that block such things from happening.
1. Reconciliation of records, which typically happens every day like clockwork, based on the source of money from multiple systems. As you mentioned, it’s just not one single value in DB that is relied upon.
Though for simple stuff like a balance enquiry, the result comes from a single value in DB, the way that value is populated in DB is not by a direct update. For any update to this there needs to be a trail.
GL (general ledger) systems reconcile this data, and if any anomaly is found they quickly flag it.
2. The second reason is much more important and an extension of the above. Any financial transaction needs to have 2 things: a credit and a debit of equal amount. Without this there is nothing that can enter into the system.
All banks/financial companies typically use something called core banking systems for all accounting level data. There are a lot of products on the market (Finacle is one, e.g.) which are inherently designed in a way that credit and debit entries should always match. So this is not your typical WebSphere or microservice based application.
Though CBS can be based on microservices (Finacle is actually based on microservices), the way they work is completely different.
So the value of the account balance is not an inherent value but a derived value based on a certain transaction trail. Those transaction trails are also again linked to real funds coming to associated accounts. In case a hacker with an IQ of 1000 finds a way to bypass these humongous and virtually impossible checks, the GL systems quickly find the discrepancy, as there may be a value in the database but the associated actual money is not there in the account.
Anything to do with money digitally has a transaction record e.g. “your account received $1 mil from Scientology Thetan Refund Society” (+ some other info like date/time etc). All the bank has to do is just look at the transaction records for your account.
If you somehow manage to edit your balance to add extra digits, the bank will easily find out because there was no transaction. 1AM you had $10, suddenly the next minute 1:01AM you have $100, and no transaction indicating where the money came from? They’d be like lol look at this noob.
Faking a transaction is a lot harder than you think. You’re not just trying to screw with the bank, you also have to screw with the sender. Because the bank sure as heck is gonna call that Scientology Thetan Refund Society “hey you guys really sent this dude $1 mil??” Basically you’re gonna have to hack the other side of the transaction as well. And that’s why you won’t be able to do it: even if the source of the transaction actually existed, their records would have to show money going out to your bank. There’d be a whole bunch of things that need to match e.g. date/time of transaction, and all sorts of system information stuff. You’re not holding a knife to some dude’s neck “tell them you sent the money or I’ll fucking cut you”.
Also, that’s just the transaction you SEE. There’s shit going on in the background as well. For example maybe there’s a fee for when certain types of transactions are made, that companies handle with the bank for you. Even if you somehow faked the transfer, you don’t know about the fees that were incurred and handled in the background. The bank would be like “huh, where is the X fee for transaction 123?” Or it could be something like a simple counter for some other purpose e.g. the state keeps track of transfers over a certain amount that cross state borders and the bank needs to report them. Those things are missing, they’ll eyeball the transaction closer and find out it was fake.
There’s a reason all the money scams you see out there are all about tricking people to send them money… they don’t fucking hack the bank, because they can’t. They need legitimate transactions, and the only way to get those is to persuade i.e. scam people to make them. They can’t just take a photo of your credit card and then fake transactions to drain money out of it; they literally have to convince you to spend money on shit like gift cards to send to them. The transactions are legitimate; the *purposes* aren’t. You think you’re paying a customs fee to get your jackpot money released, but the scammers aren’t sending you any jackpot money, they’re taking that “customs fee” from you.
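An added example, not part of any answer above and not code from any bank or core banking product: a toy double-entry ledger in Python showing the two controls the answers describe, namely that an entry without a matching debit and credit is refused, and that a balance edited directly in the database is flagged when it is reconciled against the transaction trail. The `Ledger` class, account names and amounts are constructed for illustration.

```python
from collections import defaultdict
from decimal import Decimal


class Ledger:
    """Toy double-entry ledger (constructed for illustration)."""

    def __init__(self):
        self.journal = []                            # append-only transaction trail
        self.cached_balance = defaultdict(Decimal)   # the "single value in DB"

    def post(self, txn_id, legs):
        """legs: list of (account, amount); credits positive, debits negative."""
        if sum(amount for _, amount in legs) != 0:
            raise ValueError(f"{txn_id}: debits and credits do not match")
        for account, amount in legs:
            self.journal.append((txn_id, account, amount))
            self.cached_balance[account] += amount

    def derived_balances(self):
        """Recompute every balance from the trail, ignoring the cached values."""
        totals = defaultdict(Decimal)
        for _, account, amount in self.journal:
            totals[account] += amount
        return totals

    def reconcile(self):
        """Return {account: (cached, derived)} for every account that disagrees."""
        derived = self.derived_balances()
        accounts = set(derived) | set(self.cached_balance)
        return {a: (self.cached_balance[a], derived[a])
                for a in accounts if self.cached_balance[a] != derived[a]}


def demo():
    ledger = Ledger()
    # Legitimate transfer: one debit, one credit, equal amounts.
    ledger.post("T1", [("employer", Decimal("-10")), ("alice", Decimal("10"))])
    # A credit with no matching debit never enters the system.
    try:
        ledger.post("T2", [("alice", Decimal("90"))])
        rejected = False
    except ValueError:
        rejected = True
    # Direct edit of the stored balance, bypassing post(): $10 becomes $100.
    ledger.cached_balance["alice"] = Decimal("100")
    return rejected, ledger.reconcile()


if __name__ == "__main__":
    print(demo())
```
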