CIOs only have to hear it once to know they have more than potential bad press on their hands: If one out of every five victims of identity fraud leaves his or her bank after the incident, the bank has customer attrition problems as well-and they can snowball. Why? People talk.

But a greater focus on prevention, detection and resolution of ID fraud over the past four years has translated into big advances for banks, according to Javelin Strategy & Research's 2008 Banking Identity Safety Scorecard.

The average ID fraud currently costs $5,574 per victim and takes 26 hours to resolve-an improvement over 2007, when banks lost ground on the resolution front, and 2006, which lagged this year's aggregate score by two percentage points. Overall, the upper half of U.S. depository institutions collectively gained nine percentage points for their resolution efforts.

Javelin employed mystery shopping (averaging 5.8 calls per institution) and Web site research to score 25 leading U.S. financial providers against prevention, detection and resolution criteria developed by the research firm. The study's findings represent 50 percent of the U.S. market in 2008 by dollar value of deposits, according to the FDIC. Washington Mutual, Wachovia and National City were treated as independent entities, according to Javelin.

One key to the gains made by financial institutions has been the empowerment of customers to participate in protecting their own deposits and identities. Javelin put the cost of such crime at $45 billion.

Ninety-two percent of banks offer fee-based security services such as credit monitoring to detect new account fraud. But just 16 percent of institutions partner with security vendors such as Kaspersky, Trend Micro, Symantec, and McAfee to protect customers from online fraud (One standout: Barclays PLC, which began giving its customers Kaspersky software free of charge earlier this year).

Of those banks and credit unions surveyed, multi-factor authentication has been fully implemented for online banking. Not true for mobile and telephone banking, with fewer than half and only 28 percent, respectively, deploying similar account protection for these channels. Javelin officials contend authentication must occur across all channels and that alerts could play a vital role in soliciting customers' participation in fraud mitigation.

While the overall scorecard results are encouraging, banks need to address prevention more aggressively. "Identity fraud, which continues to be a scourge in the industry, continues to be attacked by banks in the way organizations typically respond to large emergencies: first rescue the victim, then work to prevent more victimization from occurring," says Javelin's Mary Monahan, managing partner and research director. "Prevention builds the foundation to strong security; clearly more work remains."

Subscribe Now

Access to authoritative analysis and perspective and our data-driven report series.

14-Day Free Trial

No credit card required. Complete access to articles, breaking news and industry data.