Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceBanking/Finance/Insurance

Salami attacks: Small deposits resulting in significant losses

By Jenn Redlich
Man holds credit card by laptop
November 12, 2021

Digital transformation has taken hold as organizations adopt digital technologies that improve business processes. The payments industry has followed the adoption of these new formats. Digital payments have boomed in the last year due to their flexibility and reliability in ensuring a more seamless payment process for businesses.

With the influx of digital payments, naturally cyberattacks follow suit, with hackers targeting vulnerable victims across several industries. These attacks come in all shapes and sizes and can result in major losses. The International Journal of Engineering & Advanced Technology found that salami, phishing, ransomware and cryptojacking attacks were among the four most common for financial gain. Let’s focus on salami attacks.

Salami attacks consist of a sequence of small, fraudulent transactions that can easily bypass detection but, combined, can result in considerable losses. While not new to the modern payments landscape, fraudsters are constantly developing new ways to automate processes with enhanced technology that attacks before businesses can detect or take action.

One area cyberattackers may target are ACH bank transfers, where micro-deposit verification of accounts is exploited for this specific purpose. By design, micro-deposits happen before bank accounts are verified, granting bad actors the opportunity to fraudulently hoard funds. While micro-deposits only take a few cents at a time, they can become a fraudster’s paradise to target and abuse.

How micro-deposits can pave a path to salami attacks

Applications use micro-deposits to verify a user actually has access to the bank account they have provided. When the user provides an account and routing number, the application initiates small payments, usually pennies, to that account. Once the payments clear, the user can report the actual amounts of the deposits back to the application and verify the bank account.

Fraudsters leverage micro-deposits for “salami” attacks when they manipulate transactions to be abused by them or their groups. In doing so, fraudsters create thousands of new accounts with bank account and routing numbers to test against the systems or steal them. They verify the information is accurate by seeking out successful return codes and transfers before plotting their attacks.

Think about the impact of thousands of new user signups initiating micro-deposits for verification in the timeframe of a couple of hours. In terms of direct losses, this may result in a few hundred dollars, which seems minimal, but indirect losses from the manual labor and severe reputational damage in cleaning up these messes can accumulate.

So why do cybercriminals execute these attacks that may yield a relatively small sum of money? 

  1. To bury it in alerts and logs, making it harder for finance organizations to detect and respond to; or to draw attention elsewhere while planning an even more impactful parallel attack.
  2. To pinpoint bank accounts they can easily target. If fraudsters can determine micro-deposits weren't returned — regardless of whether they can see the actual amount — the attackers have confirmation the account and routing number combination is valid. This can directly impact consumers if businesses fail to be proactive, even if the costs to the business are minimal.
  3. To test the waters and see what an organization’s reaction is in a situation where suspicious activity is present. By examining a bank’s defenses, fraudsters can plan a secondary or more significant attack down the road. High-level fraudsters know the ins and outs of staying under the radar to make a big move before financial organizations can detect activity.

Safeguarding financial organizations from salami attacks

While a bank’s application is the primary provider of payment capabilities to its users, financial organizations must be the principal defender of their end users by monitoring for suspicious activity, taking actions to prevent attacks from happening and reacting quickly to fraudulent activity within the application. But what if banks don’t have the resources to combat these attacks? What can cybersecurity leaders do to prevent or eliminate fraudulent activity? These are some of the best practices to protect the platform from attacks:

  • Use the Application Programming Interface (API) to suspend or deactivate suspicious accounts or unusual activity when detected.
  • Stay informed of the use of disposable email domains that showcase signs of attacker activity, precisely when associated with an alarming number of user signups.
  • Audit for oddities in the rate or number of account signups or funding source additions, exclusively for those sharing similar characteristics such as bank account, email or name.
  • Forbid micro-deposit validation as the typical first step and use Instant Account/Bank Verification (IAV/IAB).
  • Scan for multiple accountancy that shares the same funding source by using bank account fingerprinting.
  • Incorporate guidelines that require validation of email addresses upon an end-user signup and multi-factor authentication for end-user login. Having these verifications in place makes automation of account abuse undoubtedly harder.
  • Administer limits to the number of bank accounts an end user can attach. This will also make it significantly more difficult for a fraudster to carry out an attack.

As digital payments continue to expand, it’s increasingly crucial for businesses to remain vigilant of fraudsters carrying out attacks that can cause impacts on multiple levels. Implementing these best practices and staying attentive to defending end users can decrease the likelihood of fraudsters executing a salami attack.

KEYWORDS: API security authentication bank cybersecurity cyber attack detection cyber security threat finance cybersecurity fraud prevention mobile banking

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Jenn Redlich is a Payment Operations Risk Manager at Dwolla, the programmable payments platform. She specializes in risk management and loss mitigation and has a passion for protecting consumers and businesses from bad actors and overall financial risk. Jenn is a Nacha Accredited Payments Risk Professional (APRP). Jenn previously worked in the Credit Union industry at First Tech, where she took on various positions including Senior Collector and Fraud Specialist.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Columns
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Red laptop

Cybersecurity leaders discuss Oracle’s second recent hack

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • SEC1019-career-Feat-slide1_900px

    As Cyber Attacks Become More Prevalent, Here’s Why Your Small Business is at Risk

    See More
  • Atlas VPN

    Americans report 168k imposter scam cases amounting to $300M in losses YTD

    See More
  • cyberinsurance

    With ransomware attacks increasing, cyber insurance now seen as a necessity, not a luxury

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing