The US banking industry is failing to protect its small business customers from a destructive epidemic of cyberfraud that is sweeping the nation, according to research by Guardian Analytics and Ponemon Institute
The study of 500 executives and business owners from small and medium businesses (SMB's) indicates that criminals are successfully attacking SMB bank accounts at an unprecedented rate, banks are failing to proactively catch fraud, and a high percentage of SMBs are firing their banks because they are experiencing fraud.
The research found that 55% of businesses reported experiencing fraud in the last 12 months, with 58% of fraud enabled by online banking activities.
Yet, despite the soaring crime rate, 80% of banks failed to catch fraud before funds were transferred out of their institution. In 87% of fraud attacks, the bank was unable to fully recover assets.
The rash of attacks has led to a series of high profile law suits by companies. Indeed, 57% of the respondents to the Ponemon study that have experienced a fraud attack were not fully compensated by their banks, while a quarter of victims were not compensated for any part of their losses.
Customer churn is also on the rise, with 40% of businesses moving their banking activities elsewhere after a fraud incident.
"Ultimately the data points to the need for banks to evolve their definition of reasonable security and proactively invest in process and technology to better protect their online banking customers," says Dr. Larry Ponemon, Ponemon Institute. "Only 20 percent of banks were able to identify fraud before money was transferred. The ROI of investing in fraud prevention is clear when you consider how fraud and churn drive productivity and profit loss as well as legal and reputation risks."
The cost to the industry of of this new wave of cyberfraud was this week highlighted by David Nelson, an examination specialist with the FDIC Cyber Fraud and Financial Crimes Section. Speaking at an RSA conference, he said that small and midsize businesses and their financial institutions suffered about $120 million in losses due to fraudulent electronic funds transfers in the third quarter of 2009, up from about $85 million in the third quarter of 2007.
These figures are expected to show a substantial gain this year, with criminals refining their malware tools and tactics to undertake a wave of targetted attacks on companies using the national ACH system.