Thursday, July 9, 2009

Safety and passwords

One of my friends works in a bank and uses software called Finacle, owned by Infosys Technologies. One day he came to the bank and, after one hour, had to leave on some emergency. Finacle logs off the user if he is inactive for 180 seconds. With this in mind, he did not log out of the system when he went away.

The next day he learned that lots of transactions had taken place under his login while he was away.

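Currently the password is entered once, when you log on to a system, and there is no further password prompt until the next log-out. An inactivity log-off alone does not help if someone else starts using the terminal before the timeout expires, because their activity keeps the session alive. The situation discussed above could be avoided if the system prompted for the password again while a user is logged on. If the system asks for the password, say, every five minutes, then unauthorised usage can be reduced to a maximum of five minutes.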

If, in addition to this, an alert is sent to the data centre whenever a wrong password is entered, such instances can be avoided. A smarter unauthorised user will simply not enter the password when prompted, so an alert should also be sent when a prompt goes unanswered.
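The policy proposed above, as an added sketch (not Finacle's code and not from the original post): it replays a constructed event log through the 180-second idle timeout, with and without a five-minute password prompt and the two alerts. The `replay` function, the event format and the `PROMPT_GRACE` value are assumptions made for illustration.

```python
IDLE_TIMEOUT = 180     # seconds: the inactivity log-off the post describes
REAUTH_INTERVAL = 300  # seconds: the post's "every five minutes"
PROMPT_GRACE = 60      # seconds allowed to answer a prompt (assumption)

def replay(events, reauth=True):
    """Replay (time, kind, value) events for a session opened at t=0.

    kind is "txn" (value: transaction id) or "password" (value: True if
    correct). Returns (accepted transaction ids, alerts, final state).
    """
    last_activity = last_auth = 0
    accepted, alerts, state = [], [], "active"
    for t, kind, value in events:
        if state != "active":
            break
        if t - last_activity >= IDLE_TIMEOUT:
            state = "logged_out_idle"
            break
        last_activity = t  # any input, by anyone, resets the idle timer
        overdue = t - last_auth - REAUTH_INTERVAL if reauth else -1
        if kind == "password":
            if value:
                last_auth = t
            else:
                alerts.append((t, "wrong_password"))
                state = "locked"
        elif overdue < 0:
            accepted.append(value)
        elif overdue >= PROMPT_GRACE:
            # Prompt left unanswered while work is attempted: alert too.
            alerts.append((t, "prompt_ignored"))
            state = "locked"
        # else: prompt is showing, transaction refused until it is answered
    return accepted, alerts, state

# Constructed sample: the owner works briefly, then someone else keeps the
# terminal busy every two minutes for an hour without knowing the password.
OWNER = [(30, "txn", "O1"), (90, "txn", "O2")]
WALK_UP = [(t, "txn", f"X{t}") for t in range(200, 3600, 120)]

if __name__ == "__main__":
    for label, flag in (("idle timeout only", False), ("with re-auth", True)):
        accepted, alerts, state = replay(OWNER + WALK_UP, reauth=flag)
        print(f"{label}: {len(accepted)} accepted, alerts={alerts}, {state}")
```

On this sample the idle timeout alone lets all 31 transactions through, while the prompt accepts only the one submitted before the first five-minute mark and then locks the session with a `prompt_ignored` alert.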

