17 September 2014

US small businesses ditch banks over online fraud

06 August 2012  |  6682 views  |  5 biometric  face pointer

Around three quarters of small and medium-sized businesses (SMBs) in the US have fallen victim to online banking fraud and many are ditching their provider as a result, according to research from Guardian Analytics and Ponemon Institute.

A survey of 998 SMBs shows that 54% now use mobile devices to access online banking, up from 23% in 2010. Meanwhile, the proportion doing all business banking online has more than doubled from nine per cent two years ago to 20%.

The use of electronic channels is popular with crooks as well as businesses: 74% of SMBs quizzed have been hit be electronic banking fraud, 52% in the past year. Just under three quarters of these online fraud attacks result in the successful transfer of money and, despite efforts by financial institutions to recover funds, 61% result in lost money.

Reimbursement of losses varies - in some cases the business takes the full hit, in some instances it is shared, and in a quarter, banks pay out fully.

A big majority - 72% - of respondents hold their financial institution primarily accountable for ensuring that their online bank account is secure. However, only 43% say their provider takes appropriate action to limit risky transactions.

This means that when fraud does happen, it costs banks business: 56% of SMBs indicate that it would take only one successful attack to lose confidence in their financial institution's ability to provide adequate security. Around 40% have taken some, or all, of their business elsewhere.

Terry Austin, CEO, Guardian Analytics. "The Ponemon Institute's study clearly outlines the strategic impact that fraud has on a financial institution - lost profits and lost customers. Further, recent court cases have sided with businesses when it comes to fraud liability, emphasizing financial institutions need sound practices and security to protect customers from account takeover attacks."

Comments: (5)

Mark Sitkowski - Design Simulation Systems Ltd - Melbourne | 07 August, 2012, 07:47

I'm not surprised. The banks (all except two, in the U.S) keep conincing themselves that their old-fashioned authentication methods are 'adequate' and refusing to look at modern methods of fraud-proofing their online transactions. The main enemies are trojan horse type malware, which sits on the user's PC and reports back to its owner on every keystroke typed during an online banking transaction which, alas, is a user ID and password, and spy cameras (if the user is irresponsible enough to use an internet cafe). An authentication method which is proof against both of the above is described at www.designsim.com.au and is rapidly being taken up by banks in Europe and the U.S.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 07 August, 2012, 14:29

74% Hit, 75% Success, 61% Loss => 33.85% (0.74*0.75*0.61) of all online transactions have resulted in loss of money due to fraud. How come only 3 lawsuits? 

With almost 1 in 3 comprised transactions, it's apparent that virtually every bank is affected by online fraud. So, how does an affected customer decide which bank to switch to?

While the quote by the CEO of Guardian Analytics in this article advises banks to improve their security measures, the same company's blog post states that the bank in question (Ocean Bank) had fraud monitoring technology but didn't use it to monitor the said transactions of the customer (PATCO). Was it because the technology suffered from so much false-positives that revenue losses arising from wrongly blocked genuine transactions far exceeded any fraud losses arising from wrongly permitted fraudulent transactions? Furthermore, what can all the technology do when millions of customers hand over their Internet Banking credentials to Mint and other P2FMs?

Jan-Olof Brunila - Swedbank - Stockholm | 08 August, 2012, 14:06

Surprising that banks in the USA have not seen the case for buílding up an infrastructure for secure e-banking for themselves. If customers would hold a secure authentication and verification token they would not like to leave to another, unsecure bank. Furthermore the secure e-banking user interface would increase stickyness and thereby customer loyalty. In Scandinavia all banks offer secure customer authentication solutions and these also include transaction verfication procedures. The European Central Bank is now proposing a mandatory two factor customer verification for all internet payment services in Europe in order to protect the important and valuable electronic payments market from fraud and misuse. Such measures will focus fraud to the still unprocteted areas of the world.

Mark Sitkowski - Design Simulation Systems Ltd - Melbourne | 09 August, 2012, 00:04

@Jan-Olaf: Here's an interesting coincidence. Our site was hit by an attack from Sweden last night, (which is still continuing as I write) which launched 23,000 probes before the firewalls caught it. Attackng machine name is h92n5-m-sp-gr1.ias.bredband.telia.com.

I've extracted details of the first 10,000 of these probes into a file, to help other potential victims secure those areas.
 Get it from www.designsim.com.au/hacker.txt

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 23 August, 2012, 14:36

In its recently published article titled Finding a Reasonable Definition of Commercially Reasonable, the Federal Reserve Bank of Atlanta reports
400 reported cases of corporate account takeovers involving the attempted theft of $255 million, resulting in actual losses of approximately $85 million. These are nowhere near the highly scary figures reported by the Guardian Analytics and Ponemon Institute research.

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Related blogs

Create a blog about this story (membership required)

Related stories

17 July, 2012
26 June, 2012
20 June, 2012
03 August, 2011
04 April, 2011

Featured job

Depending on experience
London-UK

Find your next job