Over a dozen multinationals from the financial, telecommunications and computer industries have formed a group to combat phishing crimes, in which scam artists use stolen passwords to hijack Internet bank accounts. The formation of the alliance comes as a new study from Gartner indicates that US banks suffered losses of $2.4 billion in thefts from customer accounts in the past 12 months.
Founding members of the The Trusted Electronic Communications Forum (TECF), include ABN Amro, E*Trade Financial, Fidelity, Fleet Boston, HSBC, National City Bank, Royal Bank of Scotland and Schwab. The consortium says it will research and promote technical standards and best business practice in the fight against phishing, spoofing and identity theft.
Milton Santiago, SVP, ABN Amro Services Company, says: "We recognise that phishing and spoofing is a serious problem for our customers and, as such, it needs our immediate attention."
According to Gartner, illegal access to current accounts is the fastest-growing type of US financial consumer fraud, and thieves appear to be proliferating through online channels.
Based on a survey of 5000 online US adults in April 2004, Gartner estimates 1.98 million online adults have experienced this sort of crime in the past 12 months. The cost is approximately $2.4 billion in direct fraud losses, or an average of $1200 per victim.
"In most cases that are not inside jobs, thieves likely stole account numbers and passwords to get into accounts online or through telephone banking services," says Avivah Litan, vice president and research director at Gartner. "Neither method involves face-to-face transactions."
She says banks must implement stronger access controls to online and telephone banking systems: "Shared-secret authentication is a good practical solution for strengthening access controls for online and telephone banking."
This may involve the exchange of photographs, as advocated by PassMark Security, or the use of two factor token authentication using chip and PIN cards.