Around three quarters of small and medium-sized businesses (SMBs) in the US have fallen victim to online banking fraud and many are ditching their provider as a result, according to research from Guardian Analytics and Ponemon Institute.
I'm not surprised. The banks (all except two, in the U.S) keep conincing themselves that their old-fashioned authentication methods are 'adequate' and refusing to look at modern methods of fraud-proofing their online transactions. The main enemies are trojan
horse type malware, which sits on the user's PC and reports back to its owner on every keystroke typed during an online banking transaction which, alas, is a user ID and password, and spy cameras (if the user is irresponsible enough to use an internet cafe).
An authentication method which is proof against both of the above is described at www.designsim.com.au and is rapidly being taken up by banks in Europe and the U.S.
74% Hit, 75% Success, 61% Loss => 33.85% (0.74*0.75*0.61) of all online transactions have resulted in loss of money due to fraud. How come only 3 lawsuits?
With almost 1 in 3 comprised transactions, it's apparent that virtually every bank is affected by online fraud. So, how does an affected customer decide which bank to switch to?
While the quote by the CEO of Guardian Analytics in this article advises banks to improve their security measures, the same company's
blog post states that the bank in question (Ocean Bank) had fraud monitoring technology but didn't use it to monitor the said transactions of the customer (PATCO). Was it because the technology suffered from so much false-positives that revenue losses arising
from wrongly blocked genuine transactions far exceeded any fraud losses arising from wrongly permitted fraudulent transactions? Furthermore, what can all the technology do when millions of customers hand over their Internet Banking credentials to Mint and
Surprising that banks in the USA have not seen the case for buílding up an infrastructure for secure e-banking for themselves. If customers would hold a secure authentication and verification token they would not like to leave to another, unsecure bank.
Furthermore the secure e-banking user interface would increase stickyness and thereby customer loyalty. In Scandinavia all banks offer secure customer authentication solutions and these also include transaction verfication procedures. The European Central
Bank is now proposing a mandatory two factor customer verification for all internet payment services in Europe in order to protect the important and valuable electronic payments market from fraud and misuse. Such measures will focus fraud to the still unprocteted
areas of the world.
@Jan-Olaf: Here's an interesting coincidence. Our site was hit by an attack from Sweden last night, (which is still continuing as I write) which launched 23,000 probes before the firewalls caught it. Attackng machine name is h92n5-m-sp-gr1.ias.bredband.telia.com.
I've extracted details of the first 10,000 of these probes into a file, to help other potential victims secure those areas.
Get it from www.designsim.com.au/hacker.txt
In its recently published article titled
Finding a Reasonable Definition of Commercially Reasonable, the Federal Reserve Bank of Atlanta reports
400 reported cases of corporate account takeovers involving the attempted theft of $255 million, resulting in actual losses of approximately $85 million. These are nowhere near the highly scary figures reported by the Guardian Analytics and Ponemon Institute
to £65k baseLondon, UK
© Finextra Research 2013