" The majority of the recent online banking fraud occurred because attackers were able to infect computers used for online banking and commercial online cash management services with Trojans or other malware, generally with the ability to capture passwords, steal documents and cookies, and remote control the infected machine. The first layer of defense is to educate clients on practices that will keep their systems from becoming infected."

- Preparing for the 2011 FFIEC Online Banking Guidance–Introduction

The lack of control over customer machines and commercial account employees is a common topic of discussion during out FFIEC and Continuous Compliance reviews. Many e-banking agreements require updated OS and other malware/virus protection. However, many customer machines that are used for both personal and commercial transactions fail to keep OS and anti-virus patches current. Banks are currently developing ways to increase online banking education and ensure PC security on the customer equipment. Many clients have turned to Bomgar applications to allow one on one support for their customer base. This ability allows remote support by the bank to a customers local PC. Other banking environments include self assessment forms that commercial customers would be required to complete and submit to ensure environment/PC security. Standard security tokens are the best form of enhance security for commercial accounts, however recent news has shown that these mitigating security features are becoming hackable. Educating customers on phishing attempts, bank secure URL, Trojan/Keylogger and additional security features like tokens will help to ensure against malicious attacks on online banking customers.