BOSTON — If big banks are the bellwethers in the online channel, credit unions that haven't yet can expect to be looking at account-opening authentication tools and perhaps tightening down on the old-fashioned phone lines, too.
That's according to a new report from Boston-based Aite Group, which surveyed 21 of the largest 100 banks ranked by number of checking accounts in March.
While the focus by fraudsters has moved down market to credit unions and community banks by most accounts, the big boys continue to be a target, the report found. Fully 39% of the respondents said their online banking and bill payment losses had increased in the past 12 months.
"Fraudsters are slowly but steadily gaining ground, despite financial institutions' considerable efforts to step up their online authentication and fraud management capabilities in response to the [new] FFIEC guidelines," the report says.
Social engineering tricks such as phishing remain a big concern for 71% of the respondents, Aite Group says, "pointing out the need to keep educating customers about those 'old hat' tricks."
However, the report's authors say, more sophisticated attacks involving Trojans, malware and man-in-the-middle approaches were cited by 65% of the big bank respondents as a concern as well.
"We believe that concern has been stiffened by the scarcity of off-the-shelf technology solutions that could help financial institutions protect themselves and their customers against those attacks that have historically received low-level attention from anti-virus companies," wrote the Aite Group's Gwenn Bezard and Patrick Kilhaney, authors of the report titled "The State of Online Banking Security."
The authors cite anti-fraud solutions from such vendors as EMC's RSA Security and other shared fraud networks as recent introductions aimed at stemming that tide, and the survey found interest in adopting account-opening security measures in both the online and telephone channels.
"The window of opportunity for authentication and fraud-detection technology vendors has not closed," Bezard and Kilhaney say. They say 62% of their respondents say they were definitely likely to install or replace an ID verification solution in the next two years, for instance.
Meanwhile, the phone channel is getting attention, too. The survey found that 32% of the big banks were planning to deploy some kind of knowledge-based authentication there in the next 24 months and that 16% already have it, with voice biometrics and profiling among the technologies being adopted.
And as for the mobile channel, "we found that 81% of respondents view security issues as the top impediment to the successful deployment of mobile banking," the Aite Group report says. "This finding is particularly noteworthy at a time when a large number of banks are in the midst of rolling out mobile banking applications." Lack of standards also was cited by a large majority, 71%, of the respondents.
Going forward, Bezard and Kilhaney conclude, financial institutions will continue to invest in protecting the Web channel against "technologically sophisticated attacks as well as less tech-savvy attacks that rely more on social engineering techniques."
And the account-opening process will continue to be a focus, they say, because that's where "a significant fraction of the fraud activities affecting financial institutions originate, from newly established accounts, not from hacked accounts."
© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.