10 Faces of Fraud: The Greatest Risks to Banks in 2009

Credit EligibleAs a BankInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info

From Hannaford Brothers to Countrywide, this year has been full of stories of criminal activity on the Internet, with hackers and phishers wreaking havoc on computer systems and consumers, causing credit and debit fraud numbers to soar.

What does next year hold for fraud against financial institutions? Here are 10 of the new and old ways criminals will be looking to commit fraud in 2009.

1. ATM Network Fraud
According to Paul Kocher, president and chief scientist of Cryptography Research Institute, the number one area that institutions will see fraud growing over the next year is in ATM networks. "When the criminal gets access to magnetic stripe data and associated PIN values, they are then able to create cards, and basically then it's a license to print money," Kocher explains. Another problem for institutions is that their ability to perform risk management is significantly less on an ATM network than online transactions. "This is because the ATM delivers the goods to the consumer immediately to them, which is exactly what the fraudsters want -- the cash, rather than a large ticket item they have to then fence or resell," he concludes.

Kocher predicts that until U.S. financial institutions and credit card companies roll out either a contact or contactless-based smart card infrastructure, there won't be a great reduction in the amount of fraud being perpetrated against U.S. consumers. "Once they decide to do this, it will cause a great reduction in the amount of fraud, because we've seen it happen in Europe," says Kocher.

Click to Get Updates on the Latest Information Security News

Company* Title* Email* Subscription Type: HTML Text Healthcare Enews General Healthcare Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Government Enews General Government Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Banking Enews General Banking Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Credit Union Enews General Credit Union Enews Blogs Enews Careers Enews Training Enews Webinars Enews Podcasts Enews White Papers Enews Need Help?

2. Check Fraud
The area of check fraud is also becoming continuously more sophisticated, and the underlying technological systems haven't kept pace with the sophistication of the adversaries, says CRI's Kocher.

"Initially there will be more pain and losses on the part of institutions, and then more technological changes on their part to try and catch up to the criminals' ability to perpetrate check fraud," he observes. There won't be a solution for paper-based check fraud, Kocher says, until we have a technological development where the check itself can be authenticated via a chip or code. There are actions that could be taken, such as printing a code on the back of the check that the bank can verify, like a credit card,

"Eventually we'll end up with something similar to that, but the question is how long will it continue to grow until it becomes financially painful enough for banks to implement this?" Kocher asks.

3. 'Laser-Guided' Precision Strikes
The organization and sophistication of criminals is increasing, and so is the sophistication of their attacks. Mike Rothman, Senior Vice President of Security Strategy at eIQnetworks, sees a "laser-guided" approach to targeting precision attacks on institution's customers as the next step that these criminals will take. "They will use data already collected from previous attacks on companies, including ChoicePoint and others to build their attacks." One information security researcher told Rothman that organizations like the Russian Business Network, RBN, have built demographic databases "that rival some of the biggest and most significant demographic databases in the financial services industry that are used here in the States legally."

The criminal groups like RBN are compiling huge amounts of data in order for consumers to share account information with them. This allows them to entice those customers to "give up the goods" by divulging enough information so they feel comfortable with the scam. The victims include small businesses, which Rothman sees as the next crime front.

"Most small business owners are not sophisticated enough or wary to emails that would offer services," Rothman notes. Especially in the tough economic times facing all business, he sees there will be a marked increase of fraud targeting the small businesses. "We're always going to see criminals targeting consumers. The small businesses that are already being pushed to the wall in these hard economic times won't realize they've fallen prey to a slick targeted attack until it's too late, and there is a lot of fertile ground out there that could be attacked." One example Rothman says could be the offer of online applications for small business loans, or credit lines. In many cases, these attacks could be launched under a generic social engineering attack. Proactively, financial institutions can continue to train employees and offer information to customers making them aware of these types of attacks.