One-Third of Banking Account Takeover Attempts Successful

Monday, August 20, 2012

Robert Siciliano

37d5f81e2277051bc17116221040d51c

The Financial Services Information Sharing and Analysis Center (FS-ISAC), which works with the Department of Homeland Security, recently released a study indicating that attacks on customer bank accounts have increased considerably in recent years.

The FS-ISAC, in collaboration with the American Bankers Association, surveyed large financial institutions to collect data on fraud attempts. The responding banks reported a combined 314 break-in attempts in 2011, up from 239 in 2010 and 87 in 2009.

Roughly one third of these attempts were successful in fraudulently transferring money out of hacked customer accounts, with institutions losing a total of $777,064, which is actually a decrease from $3.12 million in 2010. Customers lost only $489,672 in 2011, down from $1.16 million in 2010.

While less money was ultimately siphoned from banks and customers than in past years, there are new attack strategies on the horizon, which may push these numbers up in 2012. Threats, defenses, and vulnerabilities continually emerge, so stay tuned as we track the shifts in our evolving security landscape.

When asked what they were doing to prevent fraud and theft, banks’ three most common responses were:

  • Increased customer education
  • Multi-factor authentication
  • Anomalous behavior detection

This year, the FFIEC updated the security requirements recommended for banks. One of the recommendations encourages financial institutions to employ complex device identification.

Oregon-based security firm iovation goes a step further offering device reputation technology, which builds on device identification by offering real-time risk assessments, exposing any history of fraud associated with a particular device or group of devices, and investigating relationships between devices and accounts that have been associated with fraud in order to expose fraudsters working in cahoots to steal from online businesses.

Robert Siciliano, personal security and identity theft expert contributor to iovation, discusses identity theft  in front of the National Speakers Association. (Disclosures)

Possibly Related Articles:
11079
fraud Banking Device Reputation Multifactor Authentication FFIEC online safety Account Takeover
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.