A recent Aite Group survey of 83 executives at U.S. financial institutions found that respondents reported significant increases in both application fraud and account takeover (ATO) fraud over the past year.
Fifty-one percent of respondents said application fraud attempts for demand deposit accounts (DDAs) were up compared to 12 months ago, and 37 percent said the same of application fraud attempts for credit cards. Forty-three percent of respondents said ATO fraud attempts for DDAs were up, and 46 percent said the same of ATO fraud attempts for credit cards.
And many of those attacks were successful -- 41 percent of respondents said application fraud losses for DDAs were up, 32 percent said application fraud losses for credit cards were up, 41 percent said ATO fraud losses for DDAs were up, and 39 percent said ATO fraud losses for credit cards were up.
Payment Fraud Attempts
Similarly, a recent survey of 330 corporations by Bottomline Technologies and Strategic Treasurer found that 65 percent of corporations experienced payment fraud attempts in the past 12 months -- 45 percent experienced check forgery attempts, 37 percent experienced BEC-oriented wire fraud, and 22 percent experienced ACH fraud attempts.
"The threat of financial loss and reputational damage is growing dramatically, as the increased frequency in attacks is accompanied by higher success rates and a disproportionately larger haul through new, more sophisticated methods of fraud," the report states.
In response, 24 percent of respondents plan to increase their spending this year on fraud prevention, detection and controls, more than five times as many as those planning to decrease such spending.
Still, just 11 percent of companies reconcile all of their bank accounts daily, a drop from 24 percent in 2016.
"If firms are to effectively address the threat that fraud poses, they must first recognize just how prevalent fraudulent activity is, and that the criminals behind this activity are not just a couple of uninspired individuals attempting to cash fake checks," the report states. "Today's criminals are using sophisticated and innovative methods to defraud comapnies out of thousands, if not millions, of dollars, and they are willing to wait months and even years to carry out their schemes."
The Financial Malware Threat
In fact, a recent Symantec study [PDF] found that the financial malware threat is 2.5 times bigger than that of ransomware -- last year, detections of the Ramnit financial Trojan equaled all ransomware detections combined. Three threat families -- Ramnit, Bebloh and Zeus -- were responsible for 86 percent of all financial threat attacks.
While 38 percent of financial threats were detected in business locations in 2016, the report suggests that most of those attacks were due to widespread email campaigns and weren't targeted. Still, Symantec researchers say they've also seen an increase in targeted attacks on enterprise customers aimed at stealing large sums of money.
NuData Security vice president Roberts Capps told eSecurity Planet by email that it's not surprising to see financial malware being used more than twice as much as ransomware. "Up to $1 billion has been stolen over the last two years from financial institutions worldwide due to cybercrime," he said. "Attacks evolve every day, not only on banks and financial institutions, but also bank customers with cyber criminals digitally picking their pockets with mobile malware, man-in-the-middle attacks and more."
Authentication, Capps added, is key to cutting down on fraud. "With a layered security approach involving passive biometrics and behavior analytics, observing user behavior in detail will enable banks to stop fraud before it has detrimental consequences and without inconveniencing their customers," he said.