In my article, "Avoiding Disasters Waiting to Happen," I gave you the example of a banking Web site that had been "phished." This resulted in crooks being able to use stolen identities and passwords to do things that the bank's legitimate customers never did. Because the bank was IT blind, it never detected that its supposed customers were behaving in strange ways, in effect throwing their money away.
Since that article, the facts about the magnitude of online banking theft have come out. Nearly two million Americans had their checking accounts raided by criminals in the 12 months preceding June 2004, according to Gartner. Consumers reported an average loss per incident of $1,200, pushing total losses higher than $2 billion for the year. Gartner's report, authored by Avivah Litan, blames online banking for most of the problem.
"There has been a big increase in the abuse of existing checking accounts," Litan said. "What's really scary about it is right now there are no back-end fraud detection solutions for it." The industry was reeling in part because there is no software designed to detect unusual checking account withdrawal patterns, outside of software that looks for money laundering, which doesn't catch simple unauthorized withdrawals.
Banks tend to reimburse these kinds of consumer losses. Litan's report will tell you more about that.
How did all this loss of money come about?
The banking industry has aggressively marketed online banking as a way of reducing operating costs and increasing business.
Banks have not invested in the technology needed to provide IT insight into their Web sites. They are IT blind at the moment.
Banks are investing in making it harder to create fraudulent credit and debit cards. So, guess what? The crooks are moving to new hunting grounds.
The crooks have gotten better at identity theft. Phishing is only one method of getting gullible customers to divulge their precious information. And the crooks have developed sophisticated phishing technology, even taking advantage of loopholes in browsers to fake the URL window of cloned Web sites to show the URL of a bank's Web site. If you ask the FBI to close a cloned Web site running on a server with Internet access through an ISP in the USA, a new server will immediately pop up in China.
Some percentage of customers are never going to learn, no matter how many warning messages a bank sends out about not falling into identity theft traps. If a bank has 4 million active customers using its Web site, and one per cent of them are brainless, that's 40,000 accounts that need watching for unusual activity.