A survey conducted by Information Security Media found that new fraud methods, including phishing
and Internet enabled account takeovers are an increasing problem for
banks, but that many organizations are ill equipped to combat the new
threats.
Online bank fraud is a growing problem in the U.S. and
elsewhere. Hard numbers are difficult to come by, but some experts have
estimated online banking fraud – including phishing and account takeover
– to be a $1 billion a year business. The 2010 Faces of Fraud Survey polled 230 small and mid sized banks about their experiences with fraud in the past calendar year. It found that phishing
– a relatively new form of fraud- is now the third most common type of
fraud experienced by the banks surveyed, with 48% of those surveyed
reporting incidents of phishing attacks in 2010. Phishing was followed by ACH/wire fraud (or account takeovers), which were reported by 37% of respondents.
However, the survey also found banks feeling vulnerable to threats like phishing, with a perceived need for more resources and better tools to combat new forms of fraud. Phishing
was not among the top five threats that banks reported they felt
“prepared to prevent,” while just 40% of those that had experienced
account takeover attacks said they had invested in new technology to
combat account takeovers. Three quarters of the banks polled said they
detected fraud after customers notified the bank of suspicious activity.
Banks also appeared to be
lagging on efforts to fight sophisticated, cross channel fraud in which
criminal groups combine remote phishing attacks with identity theft, account takeover, check fraud, credit card fraud, ATM skimming and other types of illegal activity to raid customers accounts. One problem is that many banks are still silo-ed, with different profit centers and activities cordoned off from one another. Only 26% of respondents said their employer had a defined plan and cross functional team that can deal with cross channel fraud. 27%
had no such team and another quarter were “working on it.” Moreover,
more than half of respondents said they still use manual reports to
track fraud incidents, and just 13% felt like their organization’s fraud
detection tools were aligned with cross channel fraud patterns.