Phishing in Top 3 Fraud Threats for 2010Written by John P Mello Jr on January 20, 2011
Phishing finished third behind credit/debit card and check fraud as the type of fraud experienced by financial institutions in 2010. Asked what kind of fraud they experienced in 2010, 82 percent identified credit/debit scams, 63 percent acknowledged check dodges and 48 percent named phishing, according to a survey conducted by the Information Security Media Group.
“It’s no surprise that payment card and check fraud top the current list of schemes that institutions face these are traditional banking scams, and they reflect areas where institutions invest great resources,” the report said. “What is noteworthy is the rise of phishing/vishing a relatively new form of fraud to the #3 spot.”
Vishing is phishing’s real world analog. It typically uses Voice Over IP (VOIP) to call blocks of phone numbers and transmit automated messages. The messages usually contain some kind of frightening news, such as your credit card account has been compromised, and a phone number that can be dialed to correct the problem. When a gull dials the number, an automated system requests personal information from them, such as a credit card or bank account number. Once the info is obtained, the victim is put on perpetual hold. Meanwhile, the information is used to wreak havoc with the guppie’s financial life.
Phishers will smile at one finding in the survey, which is based on input from 230 respondents–83 percent from banks and credit unions and 17 percent from non-banking financial institutions. When the pollsters ranked the fraud areas financial institutions were best prepared to prevent, phishing didn’t even make it into the top quintet.
Some 41 percent of the respondents told the surveyors that their institutions were best prepared to prevent credit/debit card fraud, followed by money laundering (40 percent), ACH/wire fraud (34 percent), check fraud (34 percent) and online banking breaches (32 percent).
From those responses the surveyors reasoned that financial institutions appear to be focusing their fraud fighting efforts on traditional scams or, in the case of money laundering, areas closely watched by government regulators.
“The message here isn’t that banking institutions have their resources in the wrong places,” the report said. “Clearly, payment card and check fraud remain serious risks to major lines of business, and money laundering continues to be an evolving (and scrutinized) crime.”
“But,” it added, “institutions do need to diversify their detection and prevention approaches to include newer forms of fraud such as phishing/vishing, as well as the surge in ACH/wire fraud corporate account takeover. These crimes clearly are increasing as is public exposure when these schemes are uncovered. But it is not clear how or if institutions are prepared to respond to these new faces of fraud.”
One of the issues that the surveyors sought to explore is the growth of cross-channel fraud. Criminals are no longer content to attack customer accounts at a single point but are trying schemes that cross venues. More than a third of the respondents (40 percent), though, said they believed that only 10 percent of their fraud incidents fit in the cross-channel category.
There is some question about many financial institutions’ ability to detect cross-channel attacks. When asked if their organization’s fraud detection tools were aligned to detect cross-channel attacks, 36 percent of the respondents said no, while another 29 percent said their systems were either somewhat aligned or they were “working on it.”
The leading answer to the pollsters’ query about the biggest challenges facing fraud fighters at financial institutions would not surprise any system administrator in these lean times. More than half the respondents (56 percent) tagged their biggest challenge as insufficient resources due to budgetary constraints, manpower shortages or both. Finishing behind dearth of resources were inadequate fraud detection tools and technologies (51 percent), lack of customer awareness (43 percent), organizational silos (33 percent) and difficulty investigating crimes across borders.
According to the report, 2010 was not a very good year for fraud fighters. Only 17 percent of the survey’s participants, it noted, increased their budgets or personnel for fighting fraud. It also predicted that the picture will improve this year. That’s based on the survey’s findings that 34 percent of the respondents said they intended to increase the resources they would be dedicating to fraud prevention this year.
What might organizations be spending those additional resources on? According to the folks in the poll, they’re interested in strong authentication (55 percent), intrusion prevention (44 percent), fraud case management systems (38 percent), end-to-end encryption (35 percent) and neural net fraud detection technologies (33 percent).