Mixed Marks in Making the Grade in Banking Security
PLEASANTON, Calif. -- Financial institutions are making progress in protecting consumer identity and customer accounts but there's more work to be done, and getting the consumers themselves more involved would be a good way to start. Those are among the conclusions of Javelin Strategy and Research's annual ranking of bank and credit union effectiveness across various channels of security.
Comprising this study were 23 banks and two credit unions (Navy Federal and The Golden 1) accounting for more than 50% of the U.S. market last year, by dollar value of deposits. Javelin's Jean Garascia analyzed and ranked these industry giants along a range of banking security criteria including identity fraud prevention, detection and resolution capabilities.
For the second year running, Bank of America emerged as the highest scorer in Javelin's study, tallying 78 out of 100 overall points. Its success was buoyed by a first-place finish in the fraud prevention and fraud detection categories. And, while no credit union scored among the top 10 in cumulative scores, they fared well in individual categories. The Golden 1 finished second in prevention, for instance, while Navy Federal was ranked eighth overall in fraud prevention and resolution among all surveyed banks and credit unions.
To gather its data, Javelin employed phone-based "mystery-shopper" investigations, as well as a review of Web sites from the 25 selected financial institutions included in the study.
Scores were determined through multiple steps. First, mystery shoppers--posing as customers or members--would call the financial institutions with several pre-determined questions about fraud prevention, detection, and resolution capabilities. To receive credit for those capabilities, they had to be offered without a fee to the majority of that institution's customers.
Fraud prevention (45 points) was weighted more heavily than detection (35 points) and resolution (20 points) based on its cost-savings potential. This information was then cross-referenced with Web site content for these same institutions.
Fraud prevention included -- but was not limited to -- the existence of a multi-factor and/or enhanced authentication program, anti-phishing e-mail policies, user-defined limits on transactions, and allowing the photo of the account holder on a debit card. Additional points were earned for security education about online/offline activities.
Detection featured points for the ability to view a summary of all accounts after log-in, the ability to order and pay for credit monitoring through the Web site, and interactive mobile alerts.
Finally, the resolution judging rewarded 24-hour, seven-day a week account suspension, providing immediate access to funds not compromised by an identity fraud attack, and zero liability for funds lost to fraud.
Garascia uncovered mixed results. While financial institutions are making strides in resolution capabilities, they continue to labor in the other two criteria, her report said, noting that this could be a troublesome trend for a sector where security concerns will only grow in the coming years.
"The focus of any bank or credit union's account protection efforts must revolve around prevention and detection, as these two areas have the greatest impact on stopping fraud before it begins and discovering it before it gets worse," Garascia said.
Despite the overall gains, Garascia said she saw significant room for improvement for the remainder of 2008, improvements she said would yield positive bottom line results.
"Refocusing on customer-facing prevention methods will engender a greater sense of loyalty and security among account holders and decrease losses due to fraud," the Javelin analyst said in her report, "and providing more robust detection capabilities will bestow the wherewithal to make faster detection a reality."
Garascia suggested "deputizing" consumers to proactively protect their financial interests. These measures include empowering individuals to employ self-protective measures on the same criteria Javelin scored its analyzed banks and credit unions.
In specific, customers and member should be encouraged to monitor both traditional and online channels in order to prevent, detect early and resolve fraud once it has occurred, the Javelin report said.