The financial institution nightmare is when a legitimate account is taken over by cyber-criminals – then looted.
The upbeat news in the survey: financial institutions have gotten more skilled in preventing account takeovers and in preventing funds from leaving the institution, per FS-ISAC.
The bad news in the survey (conducted for FS-ISAC by the American Bankers Association and which included 100 financial services firms) -- is that account takeovers are still occurring.
The frequency in the current period amounts to 2.11 per 1,000 commercial customers in the first half of 2012. That compares to 3.42 per 1,000 in 2011, as reported in an earlier survey.
Of all reported account takeovers: 65% in the first half of 2012 did not involve monetary transactions. That compares to 53% in 2011.
Nine percent of account takeovers resulted in funds leaving the institution. That compares to 12% in 2011.
In instances where money was fraudulently transferred out of the institution, 82% in the first half of 2012 involved wire transfers (with 14% ACH and 4% check writing and other). That compares to 2011 numbers of 91%, 9% and 0% in 2011, respectively
FS-ISAC said that several steps have proven effective in reducing account takeover fraud. It pointed to: Customer education; temporarily shutting down affected online customer’s access;
Manual review of ACH/wire transactions above a certain dollar amount; and analysis of customer login characteristics/patterns.