STAMFORD, Conn. – Unauthorized transfers from checking accounts has become the fastest growing form of electronic fraud in the past year, and financial institutions need to do something about it. That's from Avivah Litan, a research director at Gartner Inc., who says a new survey of 5,000 online U.S. adults shows that checking account thefts are now growing faster than credit card account fraud, although the latter is still claiming the most victims. Gartner analysts say about 1.98 million online users in the U.S. suffered from checking account fraud in the 12 months ending in April, costing about $2.4 billion in direct losses, much of which is absorbed by the financial institutions. A total of 2.48 million users were affected like this before April 2003, meaning about 44% of these crimes occurred in the past year. Meanwhile, about 34% of illegal credit card purchases have occurred in the past year, while 30% of new account frauds, 24% of check forgeries and 29% of fraudulent cash advances also occurred in that time frame. Litan says that credit card fraud appears to have stabilized in the face of improving detection systems, but more needs to be done in the realm of checking. "There is no commercially available software or service that can detect unusual transfers with the same level of transaction and precision that exists for credit card transactions, other than those designed to prevent money laundering," she says. The thievery is taking a number of forms, including some incidents in which fictitious bill payees were created and the thieves paid themselves after accessing legitimate accounts. Phishing and keystroke loggers also are taking their toll. "Although no one can be absolutely sure how these crimes are committed, our survey reveals that 70% of those hit by unauthorized checking account transfers bank or pay bills online, which exposes their account numbers to the Internet," Litan says. More than half of the victims had received or thought they had received phishing e-mail and 5% actually recall giving sensitive information away to scammers," the think firm analyst says. The perception that the Internet is vulnerable to such activity can threaten the growth of online banking, Litan adds. While vendors work on beefing up security, banks and credit unions need to deploy stronger access controls to online and telephone systems, because as Litan says, "Passwords simply are not strong enough to guard consumer accounts against increasingly sophisticated scammers." She advises strengthening access controls or financial institutions and end users could face more losses. "Continuing to rely on passwords alone as a defense against increasingly sophisticated scammers and hackers is nave and short-sighted," the Gartner analyst says. "Shared-secret authentication is one practical solution that can be implemented now. In the longer term, effective back-end tools are needed to detect and stop checking accounts being hijacked." -

[email protected]