Corporate bank account takeovers less successful than ever

Hijacking corporate bank accounts is still prevalent, but miscreants are continuing to find less success in performing fraudulent transactions, according to a new study released Wednesday.

The fourth “Commercial Account Takeover Survey,” commissioned by the Financial Services and Information Sharing and Analysis Center (FS-ISAC), reveals that banks are becoming more successful in thwarting phony transactions by cyber criminals who compromise the bank accounts of businesses. A previous update on the survey indicated similar findings.

The survey, conducted by the trade group American Bankers Association, began in 2009 and now covers through the first half of 2012. It polled 95 financial institutions and five service providers.

Of all reported account takeovers in the first half of 2012, nine percent resulted in funds leaving financial institutions, a significant drop from 70 percent in 2009 and 12 percent in 2011, the survey showed.

The number of actual compromised accounts has also decreased – from 3.42 per 1,000 customers in 2011 to 2.11 in 2012.

Criminals typically gain control of accounts by tricking email recipients into giving up personal information through a phishing attack or into clicking on a fraudulent link that downloads data-stealing malware, such as Zeus.

The study found that more educated banking customers played the biggest role in the drop in successful account takeover fraud.

Meanwhile, financial institutions helped by increasing their manual reviews of high-value transactions, as well as by introducing new tools, such as multi-factor authentication to ensure users are legitimate and anomaly detection to identify unusual account behavior, Bill Nelson, CEO of FS-ISAC, told SCMagazine.com on Thursday.

“You may also have out-of-band authentication – getting back to the customer with an SMS message or phone call…letting [them] know there has been some unusual activity,” he said.

Nelson added that supplemental guidance on authentication – released by the Federal Financial Institutions Examination Council (FFIEC) to its members – also had a positive impact.

“Banks and service providers have taken them seriously and have really raised the bar for their security posture,” he said.
