TRENDING:

The Fraud Blog with Tracy Kitten

Survey Says: ACH Fraud Losses Down

What Are Banks Doing to Save Funds? Tracy Kitten (FraudBlogger) • June 15, 2012    
Survey Says: ACH Fraud Losses Down

Banks are doing a better job of staving off losses linked to incidents of corporate account takeover despite increases in online-banking attacks, a new survey shows.

See Also: The Cybersecurity Swiss Army Knife for Info Guardians: ISO/IEC 27001

It's a good sign, and probably one that reflects investments banks and credit unions have made to improve fraud detection and prevention.

This week, the American Bankers Association and the Financial Services Information Sharing and Analysis Center shared the results of an ACH-fraud trends survey of 95 banks and five service providers.

The survey asked participants to compare their ACH fraud experiences in 2009, 2010 and for the first half of 2011. It shows these institutions saw 314 online bank account attacks during the first half of 2011, up from 239 attacks for the entire calendar year of 2010, the so-called Year of ACH Fraud. By comparison, they reported suffering from just 87 attacks in 2009.

But despite the surge in attacks the first half of 2011, financial losses related to ACH fraud totaled just $777,000 for the period, down significantly from the $3.12 million in losses banks reported for the full year in 2010. And losses suffered by corporate customers totaled $490,000 for the first half of 2011, compared with $1.16 million for all of 2010.

Tech Investments to Curb Fraud

When asked what solutions they thought had been the most effective at reducing ACH and wire fraud, the top four answers were customer education, at 92 percent; a new or different multifactor authentication solution, at 67 percent; shutting down a customer's online access to commercial systems once anomalous activity is detected, at 58 percent; and modifications to existing multifactor authentication solutions, at 50 percent.

To me, that shows institutions are taking fraud detection and prevention seriously.

Impact of FFIEC Guidance?

Though the FFIEC's updated Authentication Guidance was not yet out when the FS-ISAC and ABA conducted their survey, the results suggest banks were already moving in the direction of stronger layered security measures, which the guidance calls for, to curb ACH fraud.

The guidance highlights the need for banking institutions to:

  • Focus more attention on regular and ongoing risk assessments;
  • Implement stronger user authentication practices and enhanced device identification technologies; and
  • Launch improved customer/member and employee education and awareness campaigns.

The information FS-ISAC and ABA collected about improved fraud detection and prevention technologies are in line with results we collected in the spring about fraud and FFIEC conformance trends.

According to our annual Faces of Fraud Survey, when asked what types of fraud they felt best prepared to detect and prevent, 60 percent of the institutions listed ACH and wire fraud.

But most institutions also questioned whether conformance with the guidance was really going to have an impact on fraud reduction. Only 11 percent of the more than 200 institutions we surveyed said they had achieved conformance since the guidance was issued, and almost 30 percent said they still didn't completely understand the guidance. Not a good sign.

And nearly 90 percent said they did not believe the security measures called for in the guidance would have a significant impact on reducing online fraud.

Are the FS-ISAC and ABA survey results a positive sign? Will conformance with the FFIEC Guidance ultimately have a long-term, positive impact on fraud? I think so, but banking and security leaders must remember that compliance alone does not ensure security.



About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.