Hackers are not only breaching some of the world's largestcompanies and governments, they are also attacking online bankingat the industry's most vulnerable point — the clients' own PCs.

The problem is so pervasive that the Federal FinancialInstitutions Examination Council has updated its 2005 online security guidance. In addition, theFBI and NACHA have also issued warnings.

In just one reported crime, the FBI is searching for suspectsbelieved to have stolen more than $20 million from U.S.-basedonline business accounts in just two months.

According to research firm Gartner Inc., crimeware designed totakeover online accounts and steal money is now the mostsignificant threat concerning U.S. financial institutions. There's likely a hijacked server in your backyard being usedby criminals to direct their attacks.

The root cause of the problem, as explained by the FFIEC, isthat hackers have become adept at stealing online credentials andeven taking over PCs or hijacking online sessions as they occur.

They use a variety of techniques, but they mostly involveinstalling some form of malicious software (malware) on theclient's PC or attacking servers to re-direct Internet traffic tohacker sites.

A staggering 25% of computers, according to reports from theAnti-Phishing Working Group, are infected with banking Trojansor downloaders such as ZeuS and SpyEye, used by criminals to takeover online accounts and steal millions.

Especially vulnerable are small businesses and municipalities,the preferred targets of cyber criminals, because theseorganizations often do not have the depth of resources needed tomaintain defenses throughout their networks.

And, even if they have some defenses, anti-virus technology isstill only successfully detecting these malicious attacks 30% ofthe time, and that's on a really great day.

To address the problem, the FFIEC issued a directive to creditunions and banks alike to better protect their online bankingcustomers with multiple layers of security.

That is not easy to do, however, because today's malware evolvesso rapidly it stays ahead of anti-virus and other countermeasuresand can slip by undetected.

Since examiners will assess how financial institutions satisfythese enhanced expectations starting in January 2012, nowis the time for credit unions to take decisive action to protectmembers.

One of the five layered security controls recognized by theFFIEC guidance as proven effective to help prevent fraud is the useof USB devices “that increase session security when plugged intothe customers' PC.”

They are effective because they “enable a secure link betweenthe customer's PC and the financial institution independent of thePC's operating system and application software,” according to thereport.

This “secure browsing” approach is also recognized by Gartner asone of the five critical security controls for preventing onlinebanking fraud. And, importantly, Gartner sees the client's PC asthe place to start for preventing fraud and delivering the biggestROI faster.

Kevin Bocek isdirector of product marketing for IronKey Inc. in Sunnyvale,Calif.