Hijacking corporate bank accounts is still prevalent, but miscreants are continuing to find less success in performing fraudulent transactions, according to a new study released Wednesday.
The fourth “Commercial Account Takeover Survey,” commissioned by the Financial Services Information Sharing and Analysis Center (FS-ISAC), reveals that banks are becoming more successful in thwarting phony transactions by cyber criminals who compromise the bank accounts of businesses. A previous update on the survey indicated similar findings.
The survey, conducted by the trade group American Bankers Association, began in 2009 and now covers the period through the first half of 2012. It polled 95 financial institutions and five service providers.
Of all reported account takeovers in the first half of 2012, nine percent resulted in funds leaving financial institutions, a significant drop from 70 percent in 2009 and 12 percent in 2011, the survey showed.
The number of actual compromised accounts has also decreased – from 3.42 per 1,000 customers in 2011 to 2.11 in 2012.
Criminals typically gain control of accounts by tricking email recipients into giving up personal information through a phishing attack or into clicking on a fraudulent link that downloads data-stealing malware, such as Zeus.
The study found that more educated banking customers played the biggest role in the drop in successful account takeover fraud.
Meanwhile, financial institutions helped by increasing their manual reviews of high-value transactions, as well as by introducing new tools, such as multi-factor authentication to ensure users are legitimate and anomaly detection to identify unusual account behavior, Bill Nelson, CEO of FS-ISAC, told SCMagazine.com on Thursday.
“You may also have out-of-band authentication – getting back to the customer with an SMS message or phone call…letting [them] know there has been some unusual activity,” he said.
Nelson added that supplemental guidance on authentication – released by the Federal Financial Institutions Examination Council (FFIEC) to its members – also had a positive impact.
“Banks and service providers have taken them seriously and have really raised the bar for their security posture,” he said.