19 March 2018


Retired Member

A post relating to this item from Finextra:

Half of online bankers who click on phishing links have login details stolen - Trusteer

02 December 2009
Just one per cent of online bankers in the US and Europe are tricked into visiting phishing sites but once there, over half of these end up handing over their login details, according to research from...

Online fraud: the search for the missing link

02 December 2009

Trusteer's release on the connection between phishing and individuals' loss of login information is quite interesting; what financial technology and security need now is to establish an actual correlation between these two events (everyday online consumer behavior and criminal activity) and the final "missing link" of actual transactional fraud. Theories about the correlation between consumer behavior and fraud abound, yet empirical correlation has thus far been entirely elusive.

As the founder of the company that has conducted over 20,000 phone-based interviews to determine the actual correlation between consumer victim behavior and transactional fraud (based on a continual expansion of the original US Federal Trade Commission methodology), I know well the limits of research. My conclusion thus far is that there is much damage being done in both the cyber and traditional realms, yet education and prioritization remain challenging for security professionals due to limits on research data. It's not clear to me how Trusteer made their calculations, but the findings seem within the realm of distinct possibility.

Note that our data show the average ID fraud victim (of both new and existing account activity) suffering nearly US $5000 in fraud, plus $496 and 30 hours of personal impact. A key limiting factor is that fully 65% of victims cannot confidently correlate crime #1 (how the data was accessed) with crime #2 (how the fraud was conducted).

Bankers, consumers and third-party experts must continually adapt to the latest threats, and we're in the middle of releasing a trio of related reports (Bank Safety Scorecard, Web App threats, and integration of OWASP standards) on how to do this. Note that our web apps report will show that nearly half of all top US banks are not encrypting various aspects of customer web communication forms. Each year we continue to learn more and more about this crucial correlation, and 2010 will be no exception.

Yet the missing link is empirical evidence connecting how the data was accessed and how the criminals misused the data for financial gain.

Tags: Risk & regulation
