Two thirds of banks believe cyber-crime is uncontrollable

It will come as no surprise to many that a majority of banks believe they will never be capable of eradicating cyber-crime, and that fraudmonitoring and detection tools are the top of their shopping lists.

In my blogs entitled "Authentication is failing, so turn on the burglar alarm " and "It's time for banks to up the ante against fraudsters" (see https://www.finextra.com/blogs/fullblog.aspx?blogid=5491) I spoke of the need for banks to go beyond using front-line detection tools and focus on using other detection methods including behavioural profiling.

As this article states "Client education will be key", so it will be our own responsibility as much as the banks to watch out for financial fraud. For more on this please read the blog "Victims of financial crime. Could you be next?" at https://www.finextra.com/blogs/fullblog.aspx?blogid=4363

So while examples of financial crime such as cyber-crime seem currently uncontrollable, there are methods and technologies to help out. History shows that this to be true. Card fraud was rampant several years ago, but was reduced by introducing measures such as PIN. The result(according to CIFAS 2011 report) is that fewer bank accounts and plastic cards were targeted by fraudsters (15% and 37% decreases respectively in 2011).

The worrying thing is the many different channels fraudsters can now target. For example, the decreases in card fraud have already been offset by increases of 30% in communications products compared with 2009 (source: CIFAS). In the current economic climate, the prospect of more fraud remains likely, including from within (internal fraud) the banks.

However, banks will eventually fight back. They just have to remain ever vigilant as fraudsters look for new chinks in their armour.

Dear Sirs, As long as banks allow customers to remotely access funds by user ID and static password, they will never be able to combat cyber crime. As long as we can make e commerce payment transactions by the simple entry of data visible on the card we will se cyber crime rise. 40 years ago there was a problem with paper cheque third party fraud and in those days a legal requirement to show a photo ID card when issuing a paper cheque to a merchant was introduced. In a similar manner there is need for approptiate digítal ID and authentication including the verification of placed orders i the virtual world financial services. Unless banks manage to create these security measures and educate customers to use them, cyber crime will expand and not retract. The development of secure virtual services however compete with customer convenience issues, time to market and unwillingness to spend on neccessary investments and cost of operations for security measures. The famous business case for security is hindering solutions being introduced and not lack of know-how. Perhaps a public regulation is needed to curbe cyber crime?

One step that can be taken by the operators of the ACH network in the US is to amend the fundamental NACHA rules that govern the use of the ACH network. Today, there is no definition for Fraud in the NACHA rules.

Traditionally, ACH has been set up and used by banks and corporations to move large amounts of money between and among themselves. This has all been accomplished by a basic gentlemans agreement in accordance with NACHA rules.

However, NACHA rules are not set up for consumer behavioral driven transactions and therefore do not provide for any kind of consumer perpetrated fraud.

I am thinking of chargebacks, incorrect account numbers (maybe on purpose?), rapid funds movement through several different bank accounts in quick succession, recourse for someone who has had their money stolen and they need fast resolution and there is none as a few examples.

As the financial community finds new and expanding uses for the ACH network, the NACHA rules likewise need to evolve along with the changing usage to enable proper protections.

If new NACHA rules are implemented, it will give the banks more leverage and movement to take action against fraudsters. Right now, banks are limited by the rules and the fraudsters are exploiting the holes in the NACHA rules.