However, the comScore survey shows customers feel more secure today when visiting online banking sites than they did a year ago, even though the number of attacks by criminals through phishing and spoofing is increasing.
Let's examine this aspect of online banking more closely.
A survey conducted by market research group Gartner shows that criminals raided the checking accounts of nearly 2 million Americans during the past 12 months, resulting in an average loss of $1,200 per incident. The survey concluded that lack of proper security systems, including front-end customer authentication, and absence of back-end fraud-detection solutions were the reasons for these losses.
The Gartner study found that about 1.8 million customers received phishing emails that fraudulently sought personal information from them. Phishing attacks collect information such as usernames and passwords from consumers by imitating emails from genuine financial institutions like banks, insurance companies, and mutual funds that transact business online.
According to the survey, another problem faced by consumers is spoofing. Criminals set up bank websites that look like the originals and get people to log on. This gives the criminals the personal information the customers must provide to access their checking accounts. Money is then moved out of customers' checking accounts using this information.
The industry experts surveyed stated that computer criminals are highly skilled programmers who write programs such as keyloggers. These programs are automatically installed on computers through emails; they then steal passwords and account information from the computers' users.
The survey of bankers also revealed that defrauders siphon money using other ingenious methods. Criminals hide their identities by setting up bill-payment accounts and transferring stolen money into them.
Then, of course, there are the fake ATM cards and counterfeit checks. Imposters create authentic-looking counterfeits by accessing the information and images available to online bankers.
Credit card users may be familiar with the industry software Falcon. This software informs the customer if any unusual purchases are made with his or her credit card. There is no such countermeasure available to alert online banking consumers.
So what can victims of online banking fraud do? Regulation E governs electronic transfers and requires banks to refund money in cases where customers inform them of theft within 60 days of receiving their bank statements. The regulation covers many types of transfers into and out of bank accounts, but transfers through checks and credit card transactions are not covered.
The Federal Financial Institutions Examination Council (FFIEC) has issued guidance titled "Authentication in an Internet Banking Environment."
According to the Gartner survey of U.S. banks carried out in October and November 2006, two-thirds of the 50 banks surveyed were complying with the FFIEC's "Authentication in an Internet Banking Environment" guidance by the end of 2006. This guidance required banks to go beyond password-based authentication by the end of 2006.
Banks are becoming increasingly concerned regarding the security of consumers' online banking transactions and abuses of their personal information. Fraud detection and consumer authentication are two key techniques that can be used to control losses. Some of the methods used by banks to enhance security with regard to the authentication of customers are hardware tokens and multifactor authentication features that mitigate the risk of theft of customers' personal information.
Bank spending on consumer security has increased, and more than half of the banks surveyed reported they planned to spend more on web security than on call centers.
The federal government is also concerned about the security of online banking. The Gartner survey revealed that FFIEC guidance was a major reason for U.S. e-banking security upgrades in 2006. Compliance with the FFIEC guidance was ranked as the strongest motivator, followed by consumer confidence and improving fraud prevention.
