A Finextra member 07 August, 2012, 07:47 0 likes

I'm not surprised. The banks (all except two, in the U.S) keep conincing themselves that their old-fashioned authentication methods are 'adequate' and refusing to look at modern methods of fraud-proofing their online transactions. The main enemies are trojan horse type malware, which sits on the user's PC and reports back to its owner on every keystroke typed during an online banking transaction which, alas, is a user ID and password, and spy cameras (if the user is irresponsible enough to use an internet cafe). An authentication method which is proof against both of the above is described at www.designsim.com.au and is rapidly being taken up by banks in Europe and the U.S.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 07 August, 2012, 14:29 0 likes

74% Hit, 75% Success, 61% Loss => 33.85% (0.74*0.75*0.61) of all online transactions have resulted in loss of money due to fraud. How come only 3 lawsuits? 

With almost 1 in 3 comprised transactions, it's apparent that virtually every bank is affected by online fraud. So, how does an affected customer decide which bank to switch to?

While the quote by the CEO of Guardian Analytics in this article advises banks to improve their security measures, the same company's blog post states that the bank in question (Ocean Bank) had fraud monitoring technology but didn't use it to monitor the said transactions of the customer (PATCO). Was it because the technology suffered from so much false-positives that revenue losses arising from wrongly blocked genuine transactions far exceeded any fraud losses arising from wrongly permitted fraudulent transactions? Furthermore, what can all the technology do when millions of customers hand over their Internet Banking credentials to Mint and other P2FMs?

Jan-Olof Brunila - Swedbank - Stockholm 08 August, 2012, 14:06 0 likes

Surprising that banks in the USA have not seen the case for buílding up an infrastructure for secure e-banking for themselves. If customers would hold a secure authentication and verification token they would not like to leave to another, unsecure bank. Furthermore the secure e-banking user interface would increase stickyness and thereby customer loyalty. In Scandinavia all banks offer secure customer authentication solutions and these also include transaction verfication procedures. The European Central Bank is now proposing a mandatory two factor customer verification for all internet payment services in Europe in order to protect the important and valuable electronic payments market from fraud and misuse. Such measures will focus fraud to the still unprocteted areas of the world.

A Finextra member 09 August, 2012, 00:04 0 likes

@Jan-Olaf: Here's an interesting coincidence. Our site was hit by an attack from Sweden last night, (which is still continuing as I write) which launched 23,000 probes before the firewalls caught it. Attackng machine name is h92n5-m-sp-gr1.ias.bredband.telia.com.

I've extracted details of the first 10,000 of these probes into a file, to help other potential victims secure those areas.
 Get it from www.designsim.com.au/hacker.txt

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 23 August, 2012, 14:36 0 likes

In its recently published article titled Finding a Reasonable Definition of Commercially Reasonable, the Federal Reserve Bank of Atlanta reports
400 reported cases of corporate account takeovers involving the attempted theft of $255 million, resulting in actual losses of approximately $85 million. These are nowhere near the highly scary figures reported by the Guardian Analytics and Ponemon Institute research.