Cybercrime and malware are the top online fraud threatsfinancial institutions face today, and they’ll continue to top thelist of threats over the next two to three years, according to anew report from research firm Aite Group.

The report, “Online Fraud Mitigation: Tools of the Trade,” whichis based on interviews with 32 North American financialinstitutions and 40 fraud mitigation vendors, examines the originsof online fraud, the online fraud mitigation strategies in usetoday, the vendors in use today and fraud mitigation in the mobilechannel.

The majority of financial institutions interviewed, 56%, saidcybercrime and malware are the most powerful instigators of onlinefraud.

Meanwhile, 52% of the institutions also listed cybercrime andmalware as the most significant online fraud threats to emerge overthe next two to three years, Aite Group said.

Mobile fraud is also a notable threat–26% of respondents listedit as the type of fraud that will cause the most pain over the nexttwo to three years.

Aite Group Senior Analyst Julie Conroy McNelley, who authoredthe report, said credit unions must realize that implementing arobust fraud prevention strategy, though it may come with a steepprice tag, is a critical move given today’s threats.

“The report highlights the fact that no institution is exemptfrom the threat landscape,” McNelley said. “It’s important, notjust from a compliance standpoint but from a loss-mitigationperspective, for credit unions to have a good understanding of thethreats out there.”

“The challenge for credit unions will be making the businesscase to deploy the technology it takes to keep pace with the badguys. They’ll need to take the long view for the business andrealize that with just one big corporate account takeover, theinstitution can be wiped out. So the risks are significant.”

Financial institutions are combining multiple fraud mitigationstrategies, including secure browsing technology, knowledge-basedauthentication, out-of-band authentication, complex device printingand behavior analytics, into a layered approach to combat fraud,Aite Group said.

Respondents rated behavior analytics, in whichinstitutions monitor user sessions or Web navigation techniques topinpoint suspicious activities, as one of the most effectivestrategies.

Vendors leading the pack in behavior analytics includeSilverTail Systems, which focuses on Web session activitymonitoring, and ArcSight, which allows institutions to analyzebehaviors tied to account breaches. NICE Actimize currently has thehighest number of behavior analytics solutions installed orunderway among the large institutions interviewed, the firmsaid.

Out-of-band authentication (known as OOBA) is an authenticationstrategy that involves communication through a channel outside ofthe one being used to access the banking application, such as atext message or phone call. It is another method rated as highlyeffective by financial institutions. Large financial institutionsinterviewed use Authentify, RSA and Entrust for their OOBAsolutions, and midsize institutions listed Authentify, AccessSoftek and RSA.

“The good news is the technology–the robust, layered mechanismsthat are out there–is successful,” McNelley said. “If you have abigger guard dog in your yard, it’s going to be more difficult forfraudsters to get in, and they’ll instead target a place that’sless difficult.”

OOBA, however, poses challenges, such as maintaining accuratephone data and determining protocols for making outbound calls.

“In some cases, OOBA can be seen as a customer pain point, sothe effectiveness needs to be balanced with the degree ofintrusiveness on the customer experience–authentication that keepsthe fraud out but impedes business is a failure,” McNelleysaid.

Mobile banking technology will pose increasing risks asfinancial institutions add person-to-person transactionfunctionality to their mobile platforms, Aite Group said.

An emerging fraud mitigation solution in the mobile space isvoice biometrics, which allows institutions to identify users basedon voice prints. About 37% of large financial institutions surveyedeither use or plan to use voice biometrics, and 15% of mid-sizedinstitutions have voice biometrics on their road maps. Aite Groupidentifies the leading voice biometrics vendors as Convergys,eLoyalty (now Mattersight), Nuance, PinDrop and Victrio.