Three Quarters of All SMB Banking Cybercrime Happens Online



A recent study entitled "The 2011 Business Banking Trust Study" reports that three of every four small and midsized businesses that experienced banking fraud in the previous year incurred their losses online. Over half of the companies surveyed encountered some kind of banking scam during that period (56 percent, actually), and of that population, three-quarters (42 percent of the total) fell victim to an online account hijacking or some other kind of Web-based fraud. Of the companies or organizations that experienced account takeovers or other Web fraud, 61 percent (nearly 26 percent of the total survey population) were scammed more than once. This study was commissioned by security company Guardian Analytics (which specializes in banking security products), and conducted by privacy, data protection, and information security policy research firm Ponemon Institute.



In an Information Week story on this report ("75% of SMB Banking Fraud Occurs Online"), Guardian Analytics CEO Terry Austin is quoted as follows:

What we highlighted in 2010 was that the fraud problem was bigger than we expected and having a pretty substantial impact on businesses and the banks that serve them, and it hasn't gotten any better. In some cases it has gotten worse, but it certainly hasn't improved over the [last] 12 months.


SMBs that experienced fraud or losses did so at banks of all sizes, with the same probability at midsize or large institutions as at smaller ones. The story also reports an extremely interesting set of numbers on compensation for financial losses:

Some 31% of the victimized SMBs included in the study said their bank didn't compensate them for fraud-related losses, while another 29% were only partially paid back. Just 8% of those surveyed said their bank fully covered their fraud-related losses.


Clearly, the banks are where the fraud and losses are occurring, so that is where added efforts and protection will do the most good. We can only hope the new FFIEC guidelines will force banks to do what they should be doing voluntarily, and that added levels of procedural and software protection can be brought to bear against this rising menace.



Stu Sjouwerman


