Dark Reading

Financial Institutions Are Losing Clients As A Result Of A Single Fraud Attack

Third annual Guardian Analytics and Ponemon Institute 'Business Banking Trust Study' detects widespread fraud and loss of funds

Mountain View, Calif., August 6, 2012 - Guardian Analytics, the market leader in behavior-based fraud prevention solutions, together with independent research firm Ponemon Institute, today announced the results of the third annual Business Banking Trust Study. Nearly 1,000 owners and executives of small-and-medium-sized businesses (SMBs) in the United States participated in the study. Year-over-year results show that SMBs are ongoing victims of account takeover and are still piling up losses due to fraudulent ACH, wire and other transactions. The most revealing findings are that, as a result of fraud, SMBs are not only losing confidence in their financial institutions’ fraud prevention practices (30 percent of responses), but are taking some or all of their banking business elsewhere (40 percent).

The study revealed that 73 percent of online fraud attacks result in the successful transfer of money. Despite efforts by financial institutions to recover funds, 61 percent of reported fraud attacks result in lost funds. Reimbursement of losses varies – in some cases the business takes the full loss, in some instances losses are shared, and in one quarter of instances, banks reimburse the business fully for any losses. In the end all parties suffer significant financial loss as a result of fraud.

"The Ponemon Institute’s study clearly outlines the strategic impact that fraud has on a financial institution – lost profits and lost customers," said Terry Austin, CEO, Guardian Analytics. "Further, recent court cases have sided with businesses when it comes to fraud liability, emphasizing financial institutions need sound practices and security to protect customers from account takeover attacks. Fortunately, there are fraud prevention solutions that are proven to be effective, giving financial institutions a significant opportunity to restore trust with their customers by taking a more proactive stance in preventing fraud."

Additional findings from the 2012 Business Banking Trust Study include:

SMBs are rapidly increasing their use of online and mobile banking
- Fifty-four percent of businesses now use mobile devices to access online banking, up from 23 percent in 2010
- The proportion of businesses doing all business banking online has more than doubled from 9 percent in 2010 to 20 percent in 2012

Fraud attacks against businesses are widespread
- Seventy-four percent of SMBs have experienced electronic banking fraud
- Fifty-two percent have been hit by fraud in the past 12 months

SMBs expect their financial institution to be the expert, but think they’re not doing enough
- Seventy-two percent indicate that they hold the FI primarily accountable for ensuring that their online bank account is secure
- However, only 43 percent say their FI takes appropriate action to limit risky transactions

There is room for improvement for all parties’ fraud prevention efforts
- Money left the financial institution before it was noticed in 73 percent of cases
- Year over year, businesses have not improved their own fraud prevention practices

Fraud losses result in lost business for FIs
- Fifty-six percent of SMBs indicate that it would take only one successful fraud attack to lose confidence in their FI’s ability to provide adequate security
- Seventy percent of respondents indicate that online fraud – either successful or just attempted – diminished their trust and confidence in their FI or caused them to take some or all of their banking business elsewhere

"This year's data confirms that SMBs are looking to their financial institution to be the expert on fraud prevention, and they have every right to do so," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. “Fraud techniques continue to evolve rapidly and financial institutions must continually monitor and update defenses to stay ahead of criminal activity. The FFIEC Guidance reinforces this by requiring layered security that, at a minimum, includes anomaly detection, plus risk assessments whenever something in the threat landscape changes, such as the discovery of another new threat."

The Ponemon Institute’s 2012 Business Banking Trust Study, commissioned by Guardian Analytics with surveys completed in May 2012, provides insights into SMBs' online banking behavior, their views of banks' security practices, and the impact just one fraud incident can have on banking relationships. This year’s study was expanded to include sections on ACH payments, mobile banking, and wire transfers. It also provides recommendations for banks and businesses to prevent fraud and improve client trust. Download the report here.

About Ponemon Institute

The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in a variety of industries. For more information, please visit www.ponemon.org.

About Guardian Analytics

Guardian Analytics is the pioneer and leading provider of behavior-based fraud prevention solutions for electronic banking. With nearly 200 customers, more financial institutions trust Guardian's SaaS solutions to protect their clients' assets and conform to FFIEC expectations for anomaly detection than any other solution. Based in Mountain View, Calif., Guardian Analytics is privately held with venture funding from Foundation Capital, Sutter Hill Ventures, Split Rock Partners and Triangle Peak Partners. For more information, please visit www.GuardianAnalytics.com.
