The criminals can remotely initiate right through the victim's desktop computer, and these unauthorized payments end up in the bank accounts of the money mules helping them. Corporate bank customers, when they discover what happened, have to plead their case with the banks, and under the law, corporate customers don't have the same sort of fraud protections for lost amounts in this regard as consumers in online banking.

Some banks are moving more forcefully to try to prevent these types of attacks on their customers and the banking system.

For example, Fairfield County Bank, based in Connecticut, has decided in order to prevent attacks, it will require its corporate ACH banking customers -- about 80 companies with several hundred end users -- to make use of a specific security protection for ACH payments.

All of the bank's customers will get a IronKey Trusted Access for Banking token, which is a secure USB token that can be managed via the . The handheld IronKey USB device, plugged into a computer, aims to protect against keylogging and browser-based attacks and malware by essentially creating a controlled online work environment separate from the user's operating system.

"It will be required," says Christina Bodine, assistant vice president, cash-management office and business e-banking, at Fairfield County Bank.