Skip to content

Think Globally, Act Locally

Global Fraud

For the past few years, significant attention has been paid to the problem of online fraud on commercial accounts.   Often referred to as corporate account takeover fraud – or sometimes ACH and Wire fraud – this fast-growing threat first stepped into the spotlight with the issuance of the U.S. FFIEC’s 2005 guidance on Authentication in an Internet Banking Environment.

For the past few years, significant attention has been paid to the problem of online fraud on commercial accounts.   Often referred to as corporate account takeover fraud – or sometimes ACH and Wire fraud – this fast-growing threat first stepped into the spotlight with the issuance of the U.S. FFIEC’s 2005 guidance on Authentication in an Internet Banking Environment.

Then, from 2009-2012, the U.S. banking industry witnessed a few high profile legal cases involving banks, their corporate customers and some significant fraud loss events.  Around the same time, the FFIEC then issued a more detailed Supplement to their guidance in 2011, which called for a “layered security” approach to defend against online fraud attacks.  Over this period, financial institutions stepped up their fraud prevention efforts in earnest, and countless media articles and analyst reports covered the issues and related events.  Given all of this, and the slowing rate of news related to this issue you might think that there’s little new left to say about it.  

Not so.  At least based on my takeaways from a recent Gatepoint Research / ACI survey titled Strategies to Prevent Attacks on Commercial Accounts.  In short, the survey results highlighted a global view of the problem that hasn’t been widely covered.  Maybe this is because the FFIEC is a US regulatory body, and so most of the analysis and reporting of the problem has focused on attacks on US institutions.  But the survey drove home the fact that this is an international problem.  It also highlighted that financial institutions around the world share some common experiences, expectations and approaches as it relates to account takeover fraud, but in other areas, their views are quite different.

My take on a few of the more interesting survey findings:

  • North American institutions tend to come at the problem first from an IT security angle.  They emphasize “front door” defenses such as device identification, malware protection and secure browsing.  Their global counterparts, on the other hand, stress payment-specific transaction monitoring (“back door defenses”), focusing on wire, ACH and other common transaction banking payment types.  Could this be a sign that IT organizations in US banks still have more clout than the fraud/risk departments when it comes to technology investment?
  • Global institutions reported a higher incidence of wire and ACH fraud attempts – 54% have experienced it in the last 12 months, versus 40% in North America.  And, commercial account fraud losses are higher globally than in North America – 43% versus 14% in the last 12 months.  Could this be a sign that the  FFIEC guidance is working, and the fraudsters are shifting their attention to targets outside the US?
  • One perception that North American and global institutions share… reputation matters.  Both view reputational damage and damage to existing customer relationships as the most important negative impacts of commercial account takeover fraud.  In both cases, these impacts rate as more significant than the actual financial losses that may occur.  
  • The results of the survey make it clear that commercial account takeover fraud is a global problem, and financial institutions are taking different paths to defend against this growing and increasingly complex threat.  Another case of “think globally, but act locally”.

To explore the results of the survey and draw your own conclusions, check it out here.