Over half of small and medium sized businesses in the US have been hit by payments fraud in the last year and banks are failing to proactively intervene to stop attacks, according to research from Guardian Analytics and Ponemon Institute.
The poll of 533 firms shows that 55% experienced fraud in the last 12 months, with 61% of these hit more than once, a similar picture to the previous year. In total, 75% of the businesses participating in the study experienced online account takeover and/or online fraud.
In addition, 78% of banks failed to catch fraud before funds were transferred out of their institution. Banks were able to keep money from leaving the bank in only 22% of cases and fully recover fraudulently transferred funds for 10% of businesses. In over two thirds of cases, banks were unable to recover funds, leading to losses for both them and the businesses.
With fraud rates so high, the research shows that SMBs are taking steps to protect themselves. A quarter have a dedicated computer for online banking, 49% use dual controls, 21% use positive pay and 55% of businesses practice daily reviews and approvals of outgoing transactions.
However, despite this, 70% think that their banks are ultimately responsible for securing their accounts. This is leading a high churn rate, with the pain of lost money and productivity driving 43% of businesses to move their banking activities after a fraud incident. About 10% of firms that experienced fraud terminated their banking relationship and 33% moved their primary cash management services.
Meanwhile, Guardian Analytics also highlights the emergence of another channel that could pose a security risk: mobile. Over a third of respondents say they access their company's banking accounts from mobile devices including smart phones and tablet PCs like the iPad, compared to only 23% in 2010.
Larry Ponemon, chairman, Ponemon Institute, says: "This year's data again affirms that businesses' trust in their banks is quickly damaged and they are not willing to give their banks a second chance. As online and mobile banking adoption continues to grow, the possibility for more fraud and more lost customers escalates. Endpoint security will be challenged to keep up with the growing number of devices and threats, and banks are in the best position to take the lead on proactively protecting all account holders from the wide variety of threats."