How can we fight online banking fraud?

Last updated: 21 March 2014

Online banking fraud is down by nearly a third in the UK, according to banking industry group Financial Fraud Action (FFA) UK.  This is quite an astonishing figure, which the FFA attributed to a rise in anti-fraud software and chip-and-pin technology.

It is great to see the UK demonstrating how to attack online banking fraud aggressively by implementing both fraud detection and authentication.  Recent guidance from the FFIEC in the US urged banks to move in this direction but, without a clear requirement the move is at a pace that makes a glacier seem positively rabbit-like…

What the FFA’s figures provide is an important example that a country so similar to the US in culture has moved in this direction. Customers accepted the solution, use it, and it works.

William Beer of PwC mentions that a key fob is not a silver bullet, which is true, and introduces inflexibility into the system. My response to this would be that, firstly, fraud is too complex for there to be one magic bullet; true security is achieved with multiple layers of defenses working in harmony.

Secondly, requiring one solution is too rigid – the correct approach is to offer a menu of options, affording a customer an array of choices that meet their needs and the security requirements of the bank(s).

Finally, although the UK has reduced fraud by one third, this was in a very short period, which does not mean that the attackers are simply now taken up with knitting sweaters and twiddling their thumbs. They are looking for other targets and with the US lagging considerably behind the rest of the developed world with regard to customer security, guess who they’re attacking now?

It is no coincidence that, as the UK sees fewer cases of online fraud, the US is seeing a dramatic rise in the volume and sophistication of attacks.

There is an analogy in the security space that is “I don’t have to outrun the bear, I just have to outrun you!”  Meaning, you don’t have to be the most secure bank in the world or in a region, you just want to make sure you’re not the least secure – and the US as a whole is a prime target for a lot of bears…

Leave a Reply

Your email address will not be published. Required fields are marked *