So far we believed that SSL certification is a sure way of authenticating the veracity of a web site. However, business growth sans due diligence & appropriate regulation, could pose a greater problem with people transacting sensitive online work with “false” trust!
JP Morgan Chase, the largest bank of the US in terms of assets, acknowledged a massive data breach that affected 76 million households and 7 million small businesses. The bank disclosed the extent of the breach in a filing in early October with the Securities and Exchange Commission. The bank reported no unusual customer fraud had resulted from this breach. Hackers obtained personal information such as customer names, addresses, phone numbers and email addresses. However, JP Morgan Chase said that sensitive bank information–account numbers, passwords, social security numbers and birthdates–were not part of the breach. The breach occurred in June and July, and affected customers that used Chase web and mobile services.
In 2012, the total losses resulting from account takeover and new account fraud each rose by approximately 50% over the previous year. These two fraud types impact consumers most severely, and are historically more difficult for FIs to prevent and detect than any other major fraud type. One of the fastest-growing areas of fraud is so-called “new account” fraud, in which criminals use information stolen from consumers to open credit card accounts or gain credit for cars or high-end consumer goods such as furniture or home theater systems. That type of fraud rose by 50%, with more than $10 billion in losses, according to Javelin’s 2013 Identity Fraud Report, released today. For eight years, Javelin has evaluated the top 25 FIs by deposit size based on their consumer‐facing security features in the three fraud stages of Javelin’s Protection, Detection, and Resolution Model.
Javelin’s security research found that 5 of the top 25 FIs prohibit the use of the Social Security number (SSN) to authenticate a user’s identity, up from none in 2011. Javelin found that five of the top 25 U.S. financial institutions no longer use Social Security numbers to authenticate a user’s identity. Law enforcement officials say Social Security numbers are the Holy Grail to I.D. thieves, so taking them out of the equation is a big security help to banking customers.
Fraud prevention is a winning security strategy to both attract and retain account holders, as consumers strongly value security when choosing a new institution and the perception of security is a critical factor in attrition.
“The best security model is one where FIs and their customers partner together in securing financial accounts,” said Al Pascual, Industry Analyst – Security, Risk & Fraud at Javelin Strategy & Research. “By focusing on educating and engaging the consumer in security authentication decisions and procedures, the FI can most effectively prevent attacks and threats from plaguing their valuable customer base.”
While early detection, efficient and comprehensive resolution may mitigate the impact of frauds which have already occurred, successful prevention deflects fraud attempts, reducing the costs associated with detection and resolution.
Javelin Strategy & Research’s 2013 Banking Identity Safety Scorecard evaluates financial institutions on their ability to prevent, detect and resolve emerging threats and attacks on their customers. It is based on the analysis of the top 25 financial institutions, by deposit size, based on their consumer‐facing security features and two online surveys of more than 11,000 consumers.
Information Security & Enterprise Risk Blog 