Fraud Survey: Banks Get Bigger Budgets

Results Also Show Low Conformance with FFIEC Guidance

April 12, 2012.

More than half of banks and credit unions expect an increase in fraud-fighting budgets and staffing this year. But where are they investing those resources?


According to results of the 2012 Faces of Fraud Survey, announced April 10 in the 2012 Faces of Fraud webinar, 58 percent of the 200-plus respondents say their institutions will see increased fraud resources in 2012; 17 percent expect to see 10-to-20 percent hikes.

Yet when pressed by federal regulators to upgrade security controls to conform to the FFIEC Authentication Guidance, only 11 percent say they have come into conformance since the updated guidance was issued in 2011. Half of the survey's respondents say they do not conform now, and nearly one-quarter say they don't even know their state of conformance.

Why the disconnect?

"The survey results reflect the confusion among most banks as to what's expected of them when it comes to practical technical solutions," says Gartner analyst Avivah Litan. One example: "Many banks are wondering if they need to switch their modus operandi for challenge questions, to follow the explicit guidance in the FFIEC update about using the more elaborate and expensive challenge questions from public data aggregators," she says.

The Faces of Fraud survey is an annual study conducted by Information Security Media Group, publisher of BankInfoSecurity. The online survey was conducted in February of this year, and respondents are from banks and credit unions of all sizes, primarily based in the U.S. Preliminary survey results were revealed at an RSA Conference presentation in early March. Final results were presented in the new webinar, which includes survey analysis by banking/security experts Matthew Speare of M&T Bank and George Tubin of GT Advisors. (See 2012 Faces of Fraud: First Look.)

The 2012 Faces of Fraud survey is sponsored by Authentify, Guardian Analytics, i2, RSA Security and Wolters Kluwer Financial Services.

Top 5 Fraud Trends

The survey shows the top five most common forms of fraud are:

  • No. 1: Credit and Debit Fraud. Some 84 percent rank card fraud as their top threat, but only 41 percent say their organization is prepared to prevent and detect card fraud.
  • No. 2: Check Fraud. Despite declines in the volume of checks processed annually, 76 percent say check fraud remains an issue, but only 45 percent say they feel equipped to thwart the threat.
  • No. 3: Phishing and Vishing (Socially Engineered Schemes). Half of the respondents rank these schemes among the top five threats, yet only 28 percent say they feel prepared to detect and prevent them.
  • No. 4: ACH and Wire Fraud (Account Takeover). Here, the numbers were a bit more promising. While 43 percent ranked ACH and wire fraud among the top threats, 60 percent say they feel prepared to fight and prevent the threats posed by account takeover incidents.
  • No. 5: ATM Fraud (Skimming and Ram Raids). A total of 35 percent rank ATM fraud as a top threat, and 35 percent say they feel prepared to detect and prevent fraud linked to this self-service channel.

Although banks' increased spending on prevention will help reduce fraud, they have to ensure they're investing in the right technologies, says Speare, who oversees security for M&T Bancorp., which has $80 billion in assets.

"It just depends on the organization," he says during the webinar. He notes that technology investments don't always jibe with need.

FFIEC Guidance: Its Impact

Despite confusion about the FFIEC guidance and conformance, respondents are motivated by the elements of the update. This motivation will be reflected in their 2012 investments, analysts say.

"The FFIEC guidance is what's bringing in a lot of the investment," says Mike Urban of Fiserv, a core processor that provides security services to financial institutions. "It's forcing everyone to think about their online banking in a different way, and, as a result, they're addressing more cross-channel risk."

Follow Tracy Kitten on Twitter: @FraudBlogger
