Corporate bank account takeovers less successful than ever

Share this article:

Hijacking corporate bank accounts is still prevalent, but miscreants are continuing to find less success in performing fraudulent transactions, according to a new study released Wednesday.

The fourth “Commercial Account Takeover Survey,” commissioned by the Financial Services and Information Sharing and Analysis Center (FS-ISAC), reveals that banks are becoming more successful in thwarting phony transactions by cyber criminals who compromise the bank accounts of businesses. A previous update on the survey indicated similar findings.

The survey, conducted by the trade group American Bankers Association, began in 2009 and now covers through the first half of 2012. It polled 95 financial institutions and five service providers.

Of all reported account takeovers in the first half of 2012, nine percent resulted in funds leaving financial institutions, a significant drop from 70 percent in 2009 and 12 percent in 2011, the survey showed.

The number of actual compromised accounts has also decreased – from 3.42 per 1,000 customers in 2011 to 2.11 in 2012.

Criminals typically gain control of accounts by tricking email recipients into giving up personal information through a phishing attack or by clicking on a fraudulent link that downloads data-stealing malware, such as Zeus.

The study found that more educated banking customers played the biggest role in the drop of successful account takeover fraud.

Meanwhile, financial institutions helped by increasing their manual reviews of high-value transactions, as well as by introducing new tools, such as multi-factor authentication to ensure users are legitimate and anomaly detection to identify unusual account behavior, Bill Nelson, CEO of FS-ISAC, told on Thursday.

“You may also have out-of-band authentication – getting back to the customer with an SMS message or phone call…letting [them] know there has been some unusual activity,” he said.

Nelson added that supplemental guidance on authentication – released by the Federal Financial Institutions Examination Council (FFIEC) to its members – also had a positive impact.

“Banks and service providers have taken them seriously and have really raised the bar for their security posture,” he said.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

CryptoWall surpasses CryptoLocker in infection rates

CryptoWall surpasses CryptoLocker in infection rates

A threat analysis from Dell SecureWorks CTU says that CryptoWall has picked up where its famous sibling left off.

Professor says Google search, not hacking, yielded medical info

Professor says Google search, not hacking, yielded medical ...

A professor of ethical hacking at City College San Francisco came forward to clarify that he did not demonstrate hacking a medical center's server in a class.

Syrian Malware Team makes use of enhanced BlackWorm RAT

Syrian Malware Team makes use of enhanced BlackWorm ...

FireEye analyzed the hacking group's use of the malware, dubbed the "Dark Edition" of BlackWorm.