Two thirds of banks believe cyber-crime is uncontrollable

Two thirds of banks believe cyber-crime is uncontrollable

A clear majority of banks believe they will never be capable of eradicating cyber-crime, with fraud monitoring and detection tools at the top of their shopping lists as they strive to keep the crooks at bay.

In a poll of 100 banking executives from 50 US financial institutions attending a Fundtech client conference, 66% expressed fears that cyber-crime was uncontrollable. A similar majority see fraud monitoring as their biggest challenge, with 84% believing that better detection tools are the keys to addressing spiralling levels of online crime.

George Ravich, Fundtech chief marketing officer, says: "Addressing fraud is the banking industry's most pressing problem. With little expectation that cyber attacks will be brought under control anytime soon, banks, their customers, and their technology suppliers must collaborate in order to effectively quell this growing challenge."

Client education will be key, although the disconnect between banks and their small business customers is evident in a spate of recent ACH wire frauds that have deteriorated into courtroom squabbles over liability for losses.

While 79% of executives quizzed at the Fundtech event think that only a small fraction of their business client base understands their liability for fraudulent transactions, three quarters believe that SMEs would be willing to change financial institutions for better security.

Comments: (3)

A Finextra member
A Finextra member 11 August, 2011, 15:49Be the first to give this comment the thumbs up 0 likes

It will come as no surprise to many that a majority of banks believe they will never be capable of eradicating cyber-crime, and that fraudmonitoring and detection tools are the top of their shopping lists.

In my blogs entitled "Authentication is failing, so turn on the burglar alarm " and "It's time for banks to up the ante against fraudsters" (see I spoke of the need for banks to go beyond using front-line detection tools and focus on using other detection methods including behavioural profiling.

As this article states "Client education will be key", so it will be our own responsibility as much as the banks to watch out for financial fraud. For more on this please read the blog "Victims of financial crime. Could you be next?" at

So while examples of financial crime such as cyber-crime seem currently uncontrollable, there are methods and technologies to help out. History shows that this to be true. Card fraud was rampant several years ago, but was reduced by introducing measures such as PIN. The result(according to CIFAS 2011 report) is that fewer bank accounts and plastic cards were targeted by fraudsters (15% and 37% decreases respectively in 2011).

The worrying thing is the many different channels fraudsters can now target. For example, the decreases in card fraud have already been offset by increases of 30% in communications products compared with 2009 (source: CIFAS). In the current economic climate, the prospect of more fraud remains likely, including from within (internal fraud) the banks.

However, banks will eventually fight back. They just have to remain ever vigilant as fraudsters look for new chinks in their armour.

A Finextra member
A Finextra member 12 August, 2011, 07:15Be the first to give this comment the thumbs up 0 likes Dear Sirs, As long as banks allow customers to remotely access funds by user ID and static password, they will never be able to combat cyber crime. As long as we can make e commerce payment transactions by the simple entry of data visible on the card we will se cyber crime rise. 40 years ago there was a problem with paper cheque third party fraud and in those days a legal requirement to show a photo ID card when issuing a paper cheque to a merchant was introduced. In a similar manner there is need for approptiate digítal ID and authentication including the verification of placed orders i the virtual world financial services. Unless banks manage to create these security measures and educate customers to use them, cyber crime will expand and not retract. The development of secure virtual services however compete with customer convenience issues, time to market and unwillingness to spend on neccessary investments and cost of operations for security measures. The famous business case for security is hindering solutions being introduced and not lack of know-how. Perhaps a public regulation is needed to curbe cyber crime?
MaryAnn Allison
MaryAnn Allison - Payments Industry - Palm Desert 29 August, 2011, 15:58Be the first to give this comment the thumbs up 0 likes

One step that can be taken by the operators of the ACH network in the US is to amend the fundamental NACHA rules that govern the use of the ACH network. Today, there is no definition for Fraud in the NACHA rules.

Traditionally, ACH has been set up and used by banks and corporations to move large amounts of money between and among themselves. This has all been accomplished by a basic gentlemans agreement in accordance with NACHA rules.

However, NACHA rules are not set up for consumer behavioral driven transactions and therefore do not provide for any kind of consumer perpetrated fraud.

I am thinking of chargebacks, incorrect account numbers (maybe on purpose?), rapid funds movement through several different bank accounts in quick succession, recourse for someone who has had their money stolen and they need fast resolution and there is none as a few examples.

As the financial community finds new and expanding uses for the ACH network, the NACHA rules likewise need to evolve along with the changing usage to enable proper protections.

If new NACHA rules are implemented, it will give the banks more leverage and movement to take action against fraudsters. Right now, banks are limited by the rules and the fraudsters are exploiting the holes in the NACHA rules.