The Elephant in the Room: Why Aren’t Banks Doing More to Fight Fraud?
The key to maintaining success within any sector of the business world is the ability to identify internal and external issues and determine a course of action to resolve them. This fundamental business practice has been heavily employed within the financial services industry as trends, technology and customer preferences have evolved in recent years, leading to improvements, such as drive-up ATMs and online lending practices, designed to address growing issues.
Internet banking fraud has been a problem for the financial industry, since the channel was first introduced to consumers more than a decade ago. While the issue itself is not a new occurrence within the industry, fraud losses continue to increase year-after-year, as if today’s institutions are either unaware or unconcerned with the problem.
A 2013 report from RSA sites a 59 percent increase in phishing attacks last year, which leads many experts to anticipate a continued increase in fraud attacks without swift action from banks.
With RSA reporting fraud losses now representing a staggering $1.5 billion loss in revenue for financial institutions and experts seeing no end in sight, why isn’t more being done to combat the issue?
While the growing fraud phenomenon raises many questions within the industry, the real problem lies in how banks are choosing to handle fraud protection and why they seem complacent by setting aside loss reserves and continuing to live with the problem. Rather than sitting back and quietly writing off losses or settling for meeting minimal security requirements, banks need to seriously evaluate what security measures a ineffective and augment or replace them entirely.
Out with the Old…
With the introduction of greater technology capabilities and a continuing migration away from traditional brick and mortar institutions, the scope of fraud has changed drastically in recent years. This presents a significant challenge for banks as traditional practices and outdated solutions are little match for the increased strength and speed of today’s fraudsters. However, this is no excuse for banks to simply roll over and take a beating.
In an effort to decrease Internet banking fraud, the Federal Financial Institutions Examination Council (FFIEC) updated guidance on “Authentication in an Internet Banking Environment” last year. While the guidance calls for financial institutions to adopt a layered approach to online banking security, experts still expect fraud to continue to grow throughout 2013.
Although the updated guidance from the FFIEC is a step in the right direction, many institutions are simply choosing to meet the minimum requirements to avoid penalties or fines from examiners. The fact of the matter is fraud still represents a multi-billion dollar revenue loss for the financial industry even with these latest guidelines in place. In layman’s terms, simply checking the box is not enough.
In order to best protect themselves and their customers, banks need to focus more attention on pursuing alternative security practices rather than continuing on with those that have proven unsuccessful in the face of more sophisticated fraud attacks. Banks willfully choosing to ignore the signs risk not only continuing to experience greater instances of fraud, but also higher revenue losses and negative impacts on future business.
Innovate or Be Hacked
Just as the financial industry has experienced greater innovation in technology in recent years, banks need to continually focus on further enhance security measures to stay one step ahead of fraudsters. Although phishing is one of the oldest online scams, banking customers continue to fall victim time and time again, which does not bode well for a decline in attempted attacks any time soon.
Traditionally, financial institutions have employed various one time passwords or SMS confirmation messages, which have since been easily compromised by fraudsters. By exchanging weaker security infrastructure for more robust safe guards, such as out-of-band and two-factor authentication, banks can not only meet the full guidelines suggested by the FFIEC, but go beyond traditional practices to ensure positive growth.
With new technologies and innovations started to show a proven track record of defense, the time to make a change is now. Rather than continuing to fight a losing battle, banks need to challenge the status quo and exchange outdated processes for those that can stop fraud attacks. Otherwise, current banking security strategies will continue to serve as a revolving door for fraudsters to come and go as they please.
Doug Parr has more than 25 years of experience as an international financial technology executive. As senior vice president of Entersekt, a pioneer in transaction authentication, he is responsible for providing vision and leadership in developing and implementing product and market strategies for the company’s software and solutions.
