The mafia targets bank insiders

Fast cars and sawn-off shotguns are going out of fashion with bank robbers. These days they are more likely to be at the other end of an internet connection, armed with a big bag of money to bribe bank employees.

The attempted theft of £220m from Sumitomo Mitsui Bank earlier this year sent a chilling message rattling through the financial industry - crime has moved on to a more sophisticated level.

It appears that a keystroke logging device was planted on a computer to siphon information, such as usernames and passwords. Fortunately, police got wind of this early on to ensure it never succeeded.

And, as well as high-tech attacks like this, regulators are now warning that attacks using insiders are becoming more common.

Earlier this month, the Financial Services Authority (FSA) warned firms to beware of criminal gang members getting jobs in firms and sending information back to their bosses.

Callum McCarthy, chairman of the FSA warned in a speech earlier this month: "There is increasing evidence that organised criminal groups are placing their own people in financial services firms so that they can increase their knowledge of firms' systems and controls and thus learn how to circumvent them to commit their frauds."

More than two-thirds (68 per cent) of information stolen from companies with more than a thousand employees was taken by an insider, according to a study commissioned by the National Hi-Tech Crime Unit (NHTCU). It also found that more than half of IT staff have no formal qualifications. According to the survey, the minimum cost of e-crime on business is £2.4bn.

Criminals have had to become more subtle in their approach to bank robbery. Norman Bolton, director at security consultancy C2i International and former member of the Specialist Operations division at Scotland Yard said the risks are too high today for smash and grab raids.

He told silicon.com: "The risks - both physical and prison sentence-wise - are much lower for 'white collar crime' and the rewards can be much higher, as the recent Sumitomo case demonstrated."

Bolton added: "Obtaining sensitive information, whether through bribery or directly from low-level staff who are members of mafia-type gangs, is probably the hardest part of this kind of fraud.

"Traditional bank robberies have been in decline for years. The chances of getting caught, or shot, have increased in line with a proliferation in surveillance systems and armed police and it's also difficult to launder large quantities of money."

The Association of Payment and Clearing Systems said that criminal groups are tempting employees with money in return for information. A spokeswoman for the organisation said that criminals are now forced to work harder to find the weak spots in an organisation as in many cases, most defences have improved.

Jemma Smith of Apacs said: "We've seen more activity from organised gangs, but also gangs targeting staff. From a gang's point of view they will always go to the weakest link. It's in a bank's interest to keep up to date."

Spotting a rogue employee is being made harder by the Data Protection Act, which prevents firms sharing employee information with others without the approval of the subject.

As McCarthy pointed out in his speech: "The work on staff fraud has highlighted concerns about whether data protection rules make data sharing unnecessarily difficult, and we will be involved in seeking a resolution to the problem."