Hackers are defeating most secure authentication methods
A Gartner Inc. security report indicates that security measures such as one-time passwords and phone-based user authentication are no longer enough to protect online banking systems.
Cybercriminals are using sophisticated tactics to outmaneuver security systems so they can steal customers' log-in credentials. One possible attack uses Trojan horse programs that can steal one-time passwords and immediately transfer funds. In cases where a bank uses a phone-based authentication system, criminals can use call forwarding so that the fraudster, not the legitimate customer, gets the call from the financial institution. Because any authentication method that relies on a browser can be attacked and defeated, banks should start using server-based fraud detection to monitor transactions for suspicious patterns. The goal is to monitor log-in, navigation and transaction activity to spot any abnormalities that suggest an automated program is accessing an application. For example, a Trojan can complete a transaction in less than one second, while a user needs 20 to 30 seconds to enter a money transfer amount and confirm the transfer. Security experts recommend using fraud monitoring tools to check for significant differences between online banking transaction patterns and a customer's usual behavior. For additional information, readers can visit the COMPUTERWORLD web site.
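The server-side checks described above (entry timing, navigation order, and deviation from the customer's usual behavior), sketched as an added example that is not from the Gartner report or the original article. The event format, the 5-second cut-off, the z-score limit and all sample data are assumptions constructed for illustration.

```python
from statistics import mean, stdev

# Constructed sample events: (session, seconds since login, action, amount)
EVENTS = [
    ("s1", 0.0, "login", None),
    ("s1", 4.2, "open_transfer_form", None),
    ("s1", 31.5, "confirm_transfer", 120.0),
    ("s2", 0.0, "login", None),
    ("s2", 0.3, "open_transfer_form", None),
    ("s2", 0.9, "confirm_transfer", 4800.0),
    ("s3", 0.0, "login", None),
    ("s3", 0.4, "confirm_transfer", 90.0),  # no form view at all
]
# Constructed history of this customer's past transfer amounts
HISTORY = [80.0, 150.0, 95.0, 110.0, 130.0, 100.0]

MIN_HUMAN_SECONDS = 5.0  # assumed cut-off between "<1 s" and "20 to 30 s"
Z_LIMIT = 3.0            # assumed: standard deviations from the usual amount


def score_sessions(events, history, min_seconds=MIN_HUMAN_SECONDS, z_limit=Z_LIMIT):
    """Return {session: [reason codes]} for transfers that look automated or unusual."""
    mu = mean(history)
    sigma = stdev(history) if len(history) > 1 else 0.0
    form_opened, findings = {}, {}
    for session, t, action, amount in sorted(events, key=lambda e: (e[0], e[1])):
        if action == "open_transfer_form":
            form_opened[session] = t
        elif action == "confirm_transfer":
            reasons = []
            opened = form_opened.pop(session, None)
            if opened is None:
                # Navigation anomaly: transfer confirmed without viewing the form
                reasons.append("no_form_view")
            elif t - opened < min_seconds:
                # Timing anomaly: faster than a person can type and confirm
                reasons.append("fast_entry")
            if sigma > 0 and abs(amount - mu) / sigma > z_limit:
                # Behavioral anomaly: amount far from the customer's usual range
                reasons.append("amount_outlier")
            if reasons:
                findings.setdefault(session, []).extend(reasons)
    return findings


if __name__ == "__main__":
    for session, reasons in score_sessions(EVENTS, HISTORY).items():
        print(session, reasons)
```
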