Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Financially minded cyber criminals are attempting to hijack corporate bank accounts at increasing rates, but they are finding less luck in actually getting money out of them, according to a Financial Services Information Sharing and Analysis Center (FS-ISAC) study released Thursday.
The study, conducted by the American Bankers Association (ABA), surveyed 100 financial services firms and covered 2009, 2010 and the first half of 2011. It found that while attempted account takeovers rose from 87 in 2009 to 239 in 2010 to an annualized estimate of 314 in 2011, banks and customers are feeling less financial pain.
That decline is especially apparent when comparing 2010, which saw actual dollar losses facing the respondents reach nearly $3.2 million, to 2011, when the number plummeted to just over $777,000. Customer losses also fell to around $490,000 in 2011, from a high of $1.1 million in 2010.
Hackers are finding it more difficult to get the money out. According to the survey, the percentage of unauthorized transfer attempts that went through dropped to 32 percent in 2011, down from 70 percent in 2009.
While the study didn't differentiate between bank accounts belonging to home users versus those operated by organizations, the business world, especially small and midsize players, have seen a tidal wave of account hacking attempts in recent years, costing them hundreds of millions of dollars and prompting numerous FBI investigations. Often times, the corporate customers -- and not the banks -- are on the hook for the losses because federal law does not cover fraud losses for businesses like it does for consumers.
Hackers typically gain control of the accounts by tricking an employee responsible for online banking into installing a data-stealing trojan, such as Zeus. This allows the swindlers to steal credentials used to access the accounts and initiate transfers to other accounts set up by "money mules."
But, judging from the numbers -- and fresh FFIEC guidance -- it's clear that both customers and financial institutions are warming up to the threat.
A second survey conducted by the ABA asked respondents to identify the solutions that have been most effective in reducing account takeover. Customer education, multifactor authentication, and monitoring and reacting to suspicious account activity topped the list.
This article originally appeared at scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.
