why accounitng and bank computer audits don't show missing funds right away?
"But the largest sums were stolen by hacking into a bank’s accounting systems and briefly manipulating account balances. Using the access gained by impersonating the banking officers, the criminals first would inflate a balance — for example, an account with $1,000 would be altered to show $10,000. Then $9,000 would be transferred outside the bank. The actual account holder would not suspect a problem, and it would take the bank some time to figure out what had happened. "
There is an article in the NT times about the cyber thieves stealing $300 million - $900 milllion from various banks including many US banks
I understand most of the article - the malware etc but what I don't understand is the bank transfers. About is an example. So my question is even if it was a legit bank officer instead of the cyber crooks, how would the bank software let him increase the account
balance? Doesn't the software all based on double-entry so that to increase one account balance you must decrease another?
Imagine a real bank manager who is crooked working at the bank.
The banks software wouldn't let him increase a bank account balance without reducing another account balance.
(my understanding not working in a bank. )
So I don't understand the example in the NY times article.
Suppose the following scenario which is close to Kaspersky:
You have a bank with about 40.000 customers (i.e. small in an international context)
with their normal daily business. Suppose now, that somewhere in your branch banks, some
of your employees allow 2 credits of 9.000$ and your systems show that both applications
have been approved. Both of the debtors cash out 9.000$ and use the money that your
employees have created for them towards your balance sheet. You are refinanced by your central bank
as long as your reserves/collateral are adequate, so no problem there.
So when would you recognize that one of these 2 customers was fraudulent? Or even worse:
When would you recognize, that your systems contain false data?
Last edited by choke35; February 17th, 2015 at 12:00 PM.
This post has been selected as an answer to the original posters question
Noone "pretended" that cash was deposited.
Think, you still didn't get what banks do when they create money by allowing credits.
(Technically, they also create the initial double entry in their journal.
In basic accounting terms, this is a simple balance sheet extension.
So, everything is/seems correct in the DATA sphere, but it is not in the REAL sphere.)
All other entries follow up these initial (false or correct) double entries.
So if a bank creates money that you cash out, they will only find that you are fraudulent
when you don't pay your installments.
Perhaps the following link helps you understand the matter as it also shows the accounting records
in comparison with non-financials and non-bank financial institutions: