@Anonymous wrote:
I had told the Company to remove this transfer service from my account and they said they couldnt do that. There does not seem to be much security with this Blue Bird American exspress card. Do they prosecute the Individuals doing this? I am waiting for the Investigation of this fraudulent act.
Others have already spoken about the risk of compromise and what to do, so I'll speak to this part instead.
The ability to transfer money from an account is pretty integrated in most financial services applications, so I'm not surprised they can't disable it. That said, there are typically pretty good security measures you can implement in order to prevent what you describe from happening. Find a bank that does additional verification and bank with them instead. For example, some accounts will require you to verify a transaction by them sending a text or email to a known and confirmed phone number or email. This means if someone does get into your account, they can't send money unless they also have access to your phone and/or email inbox. Some institutions require you to set up trusted accounts money can be sent to in advance, whereby they verify account numbers and do dummy deposits that you must verify. Initiating this process sends notifications to the account owner so you would have been instantly notified of their actions, and since the verification takes a few days, you'd have had plenty of time to correct the situation before any money was transferred.
As for prosecution, that's just not how the law works in cyberspace. If you're lucky, the people who did this are morons and they did nothing to protect themselves from prosecution - namely, they didn't hide where they came from and they did the transaction from a computer in the US. Even then, they have to have done at least so much financial damage before LE is going to waste many cycles on it, and frankly a couple thousand dollars by itself isn't going to raise any eyebrows at the local FBI branch. If they nabbed a million or so from multiple hosts, then you got a chance.
Most kiddies are dumb, but a little more clever than that. Instead, they'll jump through a proxy or a compromised host on their botnet that sits in a country with different (or no) cybercrime laws. This both makes it harder to track, particularly if they cleaned up after themselves on the springbox host, and difficult to prosecute since the law typically says the country where the computer that the deeds were done from is the one who gets to apply their laws to the case. If they trace it back to a computer in Russia, Brazil, China, or a number of other countries, good luck ever seeing anything come of it.
