Hackers Hit and Then Move On
A new survey found that hack attacks on small and medium-sized businesses are usually successful and that the money often is not recovered.
A majority of the businesses blame their financial institutions, according to the report released in early August by Guardian Analytics, and many choose to take their business elsewhere afterwards.
The Mountain View, Calif., provider of behavior-based fraud solutions to about 200 clients, about half of them credit unions, commissioned the Ponemon Institute to conduct the study. That firm said it based its results on a survey of nearly 1,000 American business owners and executives.
Ponemon researchers said it found that 74% of SMBs experienced electronic banking fraud, including 52% in the past 12 months.
“Despite efforts by financial institutions to recover funds, 61% of reported fraud attacks result in lost funds,” Guardian Analytics said in a statement. “Reimbursement of losses varies – in some cases the business takes the full loss, in some instances losses are shared, and in one quarter of instances, banks reimburse the business fully for any losses.”
The report said that in 73% of the cases the money was gone before the attack was noticed.
Seventy-two percent indicated they hold the financial institution primarily accountable for ensuring online security, and only 43% said their financial institution takes appropriate action to limit risky transactions, the Ponemon report said.
And 70% of respondents “indicate that online fraud – either successful or just attempted – diminished their trust and confidence in their FI or caused them to take some or all of their banking business elsewhere,” Guardian Analytics said in the statement. Thirty-eight percent said they did make the move.
“The Ponemon Institute’s study clearly outlines the strategic impact that fraud has on a financial institution – lost profits and lost customers,” said Terry Austin, CEO at Guardian Analytics. “Further, recent court cases have sided with businesses when it comes to fraud liability, emphasizing financial institutions need sound practices and security to protect customers from account takeover attacks.”
Austin’s company also has announced that it has launched a new service, FraudMAP ACH, which extends the company’s behavior-based anomaly detection technology used for online and mobile banking channels to now be used to analyze ACH batches and transactions to prioritize the riskiest payments for review.