WASHINGTON (1/12/10)--So many small businesses are being targeted by cybercriminals that the Federal Bureau of Investigation (FBI) and banking organizations have issued warnings advising small businesses to dedicate a separate computer for online banking. Credit unions setting up online banking for their member business lending should note that FBI does not consider online banking safe if the business's computer used for the online banking tasks also performs e-mail and Web browsing tasks. According to the USA Today (Dec. 30), cybergangs have flooded the Internet with "banking Trojans," malicious software programs that enable criminals to sneak into the victim's PC and manipulate online accounts. The Trojans use two older banking technologies: Automated Clearing House (ACH) transfers and wire transfers to rob small firms, local governments, school districts, churches and non-profits. The victims are mostly small to mid-sized organizations using online banking accounts supplied by local credit unions and community banks. The robberies have increased so much that the FBI, the Federal Deposit Insurance Corp. (FDIC) and the Federal Reserve have all issued alerts in the past two months, said the newspaper. The FBI, which usually stays mum about what it's probing, said it has investigated more than 200 cases mostly in 2008 and 2009 where cybercriminals made fraudulent transactions of about $100 million and succeeded in stealing $40 million. Avivah Litan, banking security analyst at Gartner, a technology consulting firm, told USA Today that the firm advises anyone running small businesses to switch from commercial online accounts to individual consumer account. Consumer protection laws require banks to fully reimburse individual account holders who report fraud quickly. However, banks are invoking the Uniform Commerical Code when dealing with business account holders experiencing stolen accounts. Banks maintain the code absolves them of liability when an agreed-upon security procedure is in place and a theft is traced to a compromised PC controlled by the small business. Litan said it is not realistic for the banks to promote Internet banking as safe based on their expectation that account holders will continually secure their PCs against intrusions. Banks and others should "at least put a large disclaimer on their home Web pages advising customers that they bank online at their own risk."