Losses to financial institutions and their customers as a result of cyber-related fraud declined over the last 18 months, even though the number of attacks increased, according to testimony at a hearing held Wednesday by the House Financial Services Committee.
That finding comes from the Financial Services Information Sharing and Analysis Center, an organization dedicated to fighting cybercrime whose members include thousands of banks, credit unions, insurance companies and payment processors.
"Statistics indicate financial institutions are doing a better job of stopping fraudulent transactions from being created and from funds leaving the financial institution," said William Nelson, the organization's president.
In 2009, 63% of reported takeovers of commercial accounts resulted in funds being sent out of the financial institution, according to survey data cited in Nelson's testimony. In the first six months of 2010, that number fell to 36%.
Likewise, the percentage of cases where monetary transactions were created but the funds were stopped before they left the financial institution rose from 20% to 36% during the same time period.
Notwithstanding the progress, witnesses at the hearing testified about the need for greater vigilance and better collaboration between government and private industry.
"The bottom line is: No one entity has all the information; it takes teamwork to bring all the pieces together to complete the picture," said Greg Garcia of Bank of America Corp. "Most acknowledge that actionable threat information that is not shared is useless information."
Democratic and Republican lawmakers at the hearing were on the same page about the importance of the cyber crime threat.
"This year alone there have been numerous security breaches and attacks on private companies, federal agencies, and financial institutions," said Rep. Shelley Moore Capito, R-W.Va., the subcommittee's chair. "These threats are especially acute in the financial services industry."
Rep. Carolyn Maloney of New York, the subcommittee's top Democrat, warned: "There is no such thing as a completely secure network. And the cost to secure these systems is extremely high, both in terms of protecting against hacking incidents and combating them when they happen."
The hearing also touched on several other key areas, including:
• The new federal guidance on Internet banking authentication, issued in June by the Federal Financial Institutions Examination Council, got positive marks from the non-profit organization formed by financial institutions to combat cyber crime. The new guidelines advise financial institutions to verify customers' identities using multiple challenge questions that can't be answered using publicly available information.
"Commercially reasonable security procedures must achieve an appropriate balance between security, risk and usability," the Financial Services Information Sharing and Analysis Center states in its testimony, adding that the recently issued guidance "goes a long way towards achieving that balance without dictating any single solution which may prove to be untenable over time."
• The FBI warned that mobile banking and Twitter offer new opportunities for cyber crime. Specifically, criminals are sending malicious text messages and tweets to gain access to users' online banking accounts.
"Because financial institutions sometimes use text messaging to verify that online transactions are initiated by a legitimate user, the infected mobile phones forward messages to the criminal, thwarting the bank's two-factor authentication," Gordon Snow, assistant director of the FBI's cyber division, said.
• Witnesses warned about the threats posed by a company's own employees and contractors. The FBI notes that people with direct access to a firm's core processing centers may be in a position to steal intellectual property, insider information, and data that could damage the company's reputation.























