US small businesses ditch banks over online fraud

US small businesses ditch banks over online fraud

Around three quarters of small and medium-sized businesses (SMBs) in the US have fallen victim to online banking fraud and many are ditching their provider as a result, according to research from Guardian Analytics and Ponemon Institute.

A survey of 998 SMBs shows that 54% now use mobile devices to access online banking, up from 23% in 2010. Meanwhile, the proportion doing all business banking online has more than doubled from nine per cent two years ago to 20%.

The use of electronic channels is popular with crooks as well as businesses: 74% of SMBs quizzed have been hit be electronic banking fraud, 52% in the past year. Just under three quarters of these online fraud attacks result in the successful transfer of money and, despite efforts by financial institutions to recover funds, 61% result in lost money.

Reimbursement of losses varies - in some cases the business takes the full hit, in some instances it is shared, and in a quarter, banks pay out fully.

A big majority - 72% - of respondents hold their financial institution primarily accountable for ensuring that their online bank account is secure. However, only 43% say their provider takes appropriate action to limit risky transactions.

This means that when fraud does happen, it costs banks business: 56% of SMBs indicate that it would take only one successful attack to lose confidence in their financial institution's ability to provide adequate security. Around 40% have taken some, or all, of their business elsewhere.

Terry Austin, CEO, Guardian Analytics. "The Ponemon Institute's study clearly outlines the strategic impact that fraud has on a financial institution - lost profits and lost customers. Further, recent court cases have sided with businesses when it comes to fraud liability, emphasizing financial institutions need sound practices and security to protect customers from account takeover attacks."

Comments: (5)

A Finextra member
A Finextra member 07 August, 2012, 07:47Be the first to give this comment the thumbs up 0 likes

I'm not surprised. The banks (all except two, in the U.S) keep conincing themselves that their old-fashioned authentication methods are 'adequate' and refusing to look at modern methods of fraud-proofing their online transactions. The main enemies are trojan horse type malware, which sits on the user's PC and reports back to its owner on every keystroke typed during an online banking transaction which, alas, is a user ID and password, and spy cameras (if the user is irresponsible enough to use an internet cafe). An authentication method which is proof against both of the above is described at and is rapidly being taken up by banks in Europe and the U.S.

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 07 August, 2012, 14:29Be the first to give this comment the thumbs up 0 likes

74% Hit, 75% Success, 61% Loss => 33.85% (0.74*0.75*0.61) of all online transactions have resulted in loss of money due to fraud. How come only 3 lawsuits? 

With almost 1 in 3 comprised transactions, it's apparent that virtually every bank is affected by online fraud. So, how does an affected customer decide which bank to switch to?

While the quote by the CEO of Guardian Analytics in this article advises banks to improve their security measures, the same company's blog post states that the bank in question (Ocean Bank) had fraud monitoring technology but didn't use it to monitor the said transactions of the customer (PATCO). Was it because the technology suffered from so much false-positives that revenue losses arising from wrongly blocked genuine transactions far exceeded any fraud losses arising from wrongly permitted fraudulent transactions? Furthermore, what can all the technology do when millions of customers hand over their Internet Banking credentials to Mint and other P2FMs?

Jan-Olof Brunila
Jan-Olof Brunila - Swedbank - Stockholm 08 August, 2012, 14:06Be the first to give this comment the thumbs up 0 likes

Surprising that banks in the USA have not seen the case for buílding up an infrastructure for secure e-banking for themselves. If customers would hold a secure authentication and verification token they would not like to leave to another, unsecure bank. Furthermore the secure e-banking user interface would increase stickyness and thereby customer loyalty. In Scandinavia all banks offer secure customer authentication solutions and these also include transaction verfication procedures. The European Central Bank is now proposing a mandatory two factor customer verification for all internet payment services in Europe in order to protect the important and valuable electronic payments market from fraud and misuse. Such measures will focus fraud to the still unprocteted areas of the world.

A Finextra member
A Finextra member 09 August, 2012, 00:04Be the first to give this comment the thumbs up 0 likes

@Jan-Olaf: Here's an interesting coincidence. Our site was hit by an attack from Sweden last night, (which is still continuing as I write) which launched 23,000 probes before the firewalls caught it. Attackng machine name is

I've extracted details of the first 10,000 of these probes into a file, to help other potential victims secure those areas.
 Get it from

Ketharaman Swaminathan
Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 23 August, 2012, 14:36Be the first to give this comment the thumbs up 0 likes

In its recently published article titled Finding a Reasonable Definition of Commercially Reasonable, the Federal Reserve Bank of Atlanta reports
400 reported cases of corporate account takeovers involving the attempted theft of $255 million, resulting in actual losses of approximately $85 million. These are nowhere near the highly scary figures reported by the Guardian Analytics and Ponemon Institute research.