Debit Cards Are The Financial Instrument Targeted Most By Fraudsters
Gartner has announced results from a survey of online US adults finding that $3.2 billion was lost in 2007 from phishing attacks with 3.6 million adults having been affected. According to Gartner, "thieves are increasingly stealing debit card and other bank account credentials to rob accounts — targeting areas where fraud detection is weaker than it is with credit card accounts."
"Phishing attacks are becoming more surreptitious and are often designed to drop malware that steals user credentials and sensitive information from consumer desktops," said Avivah Litan, vice president and distinguished analyst at Gartner. "Anti-phishing detection and prevention solutions are available but not utilized widely enough to stop the damage. These must be deployed and combined with solutions that also proactively detect and stop malware-based attacks."
"Customer-facing organizations cannot expect their customers' desktops to be protected from malicious code, nor from e-mail and/or advertising traps that lure innocent consumers to Web sites that turn out to be infection points," Ms. Litan said. "In fact, 11 percent of online adults say they don't use any security software (such as antivirus or anti-spyware products) on their desktop, and another 45 percent only use what they can get for free."
"Criminals have stepped up attacks on debit card and bank accounts, where back-end fraud detection systems are traditionally weaker than they are with credit card accounts," Ms. Litan said. "Fraud detection and authentication systems deployed widely in online banking in response to FFIEC banking regulator guidance are already a step behind fraudsters' latest techniques and must be updated to guard against browser hijackings, "man in the middle," and other hidden malware-based attacks often delivered to users through phishing e-mails. Regulators must get a better handle on the problem through consistent and timely bank reporting on their fraud incidents and losses."
Ms. Litan said bank regulators appear to be in the dark when it comes to measuring damage from phishing attacks. The University of California at Berkeley conducted a Freedom of Information Act request, asking the Federal Deposit Insurance Corporation for all bank-reported data on fraud attacks between January 27, 2005 and May 30, 2007. Gartner and UC Berkeley analyzed these data and found spotty, unreliable and unstructured data reported by U.S. banks to the regulator. Just 451 unique incidents were reported in this period. "The data quality was so poor that it was impossible to draw any conclusions from it other than that the regulatory reporting on fraud attacks is severely lacking," Ms. Litan said.
"Enterprises should at least protect their own brands from being used in phishing attacks by subscribing to an anti-phishing solution," Ms. Litan said. "Similarly, companies should subscribe to anti-malware services that detect malware targeting the firm's customers, and prevent it from spreading across consumer desktops. Custodians of consumer financial accounts must protect those accounts through fraud prevention, stronger user authentication and transaction verification."
Add your comment... (note that all comments are reviewed before they're published)