

Is Your Online Bank Vulnerable To Currency Rounding Attacks? - dielel
http://blog.acrossecurity.com/2012/01/is-your-online-bank-vulnerable-to.html

======
mcherm
Tricks like this are why the bank that I work for does monitoring of
transaction behavior. Although we don't have this particular vulnerability,
imagine that we did. For the first day (or at least the first few hours) the
customer would perform the massive number of 1-cent currency conversions,
making some money in the process. Then our security department would
investigate the anomalously high number of transactions, would see what the
person was doing, and would stop it immediately.

Any system (not just a bank) needs computerized processes to handle huge
volumes of processing, but also needs human overseers who can recognize
anomalous patterns, investigate and correct. Put differently, you can fool
some of the computers all of the time, whereas humans can quite easily be
fooled some of the time but are rather resistant to being fooled all of the
time.

