Corporate account takeover fraud is something that has been hotly disputed in recent months. A report recently published by the Association for Financial Professionals[i] (AFP) showed that 61% of organisations experienced an attempted
or actual payments fraud in 2012. It’s an issue that has grown significantly across various markets and is a problem that will need serious consideration in the in years to come if the industry is to see a reversal of the figures uncovered by the AFP.
But to address how to combat it in the future, it’s important to look back at its origins. Often referred to as Automated Clearing House (ACH) and Wire Fraud, a light was first cast on it by the U.S. Federal Financial Institutions Examination Council’s (FFIEC)
2005 guidance on Authentication in an Internet Banking Environment. Then, from 2009-2012, the U.S. banking industry witnessed a few high profile legal cases involving banks, their corporate customers and some significant fraud loss events. Around the same
time, the FFIEC then issued a more detailed supplement to their guidance in 2011, which called for a “layered security” approach to defend against online fraud attacks. Over this period, financial institutions stepped up their fraud prevention efforts in earnest,
and countless media articles and analyst reports covered the issues and related events. Given all of this, and the slowing rate of news related to this issue you might think that there’s little new left to say about it.
We have found that North American institutions tend to come at the problem first from an IT security angle. They emphasise “front door” defenses such as device identification, malware protection and secure browsing. Their global counterparts, on the other
hand, stress payment-specific transaction monitoring (“back door defenses”), focusing on wire, ACH and other common transaction banking payment types. Could this be a sign that IT organisations in US banks still have more clout than the fraud / risk departments
when it comes to technology investment?
Meanwhile global institutions have reported higher incidences of wire and ACH fraud attempts – 54% have experienced it in the last 12 months, versus 40% in North America. And, commercial account fraud losses are higher globally than in North America – 43%
versus 14% in the last 12 months. Could this be a sign that the FFIEC guidance is working, and the fraudsters are shifting their attention to targets outside the US?
One perception that both North American and global institutions share is that reputation matters. Reputational damage and damage to existing customer relationships are seen as the most important negative impacts of commercial account takeover fraud. In both
cases, these impacts rate as more significant than the actual financial losses that may occur.
What is clear is that commercial account takeover fraud is a global problem, and financial institutions are taking different paths to defend against this growing and increasingly complex threat. Another case of “think globally, but act locally”.
[i] 2013 AFP Payments Fraud and Control Survey Introduction & Key Findings,
http://www.afponline.org/pub/pdf/2013_AFP_Payments_Fraud_and_Control_Survey_Introduction___Key_Findings.pdf