Banks and other financial institutions are not protecting their small-business customers from cyber-fraud and online attacks that are cleaning out accounts.
Small and midsized
businesses are more susceptible to online-banking fraud, compared with larger
businesses and enterprises, according to a new security report from the Ponemon
Institute. What's worse is that many financial institutions are not doing
enough to protect smaller businesses from cyber-crooks.
Over half, or 56 percent, of
the surveyed companies reported experiencing some sort of banking fraud in
2010, according to the Ponemon Institute, which released its 2011 Business
Banking Trust Study April 4. Of those companies, 75 percent said the fraud
occurred online and 61 percent claimed to have been targeted multiple times.
The survey included payment
fraud and account takeovers.
"Our research reveals
continued bad news," according to the report. The financial industry "has not
moved the needle" in addressing the security
that would address account takeovers and other types of fraud
"plaguing" SMBs and their banks, the report found.
The worrying thing about the
increase in online fraud is that organizations are ill-equipped to detect these
scams. The banks didn't discover more than three-quarters of these security issues
until after the funds had been transferred out of the victim's account. About
78 percent of the businesses surveyed checked for potential fraudulent activity
by checking their statement balances at the end of the month.
Banks were able to fully
recover the fraudulently transferred funds for 10 percent of businesses, and
took losses in 37 percent of the cases by reimbursing the businesses. Targeted
businesses took a loss in 60 percent of the cases.
Being compensated for
fraud-related losses can also be tricky. Only 8 percent of the victims claimed
their banks fully compensated their losses, 29 percent had partial compensation
and 31 percent said they received no compensation at all. Regardless of how
they were compensated, 43 percent of the survey participants said they didn't
think the bank would cover any losses in case of fraud.
The prevalence of
smartphones and tablets exposes them to risk. About 38 percent of the
respondents claimed they access their critical and sensitive financial
information using mobile devices, compared with 23 percent in 2010. About 70
percent of survey respondents had the perception that the financial institution
should ultimately be responsible for protecting online accounts.
Considering that financial
institutions generally have deeper resources, more expertise and better
technology than their SMB customers, banks should be doing a better job at
protecting customers, the report found. There is "big opportunity" for banks to
take control of the situation with proactive fraud-prevention strategies that
would both improve their relationships with customers and save money.
Regardless of how the
thieves gained access to the accounts, many businesses blamed the bank and
acted accordingly. Ten percent of businesses terminated their banking
relationship following the attack and moved to a new financial institution.
Another 33 percent didn't fully close out their accounts, but moved their main
accounts to another institution.
Trust in banks can be
damaged easily, and businesses are less willing to give banks a second chance,
Larry Ponemon, chairman of Ponemon Institute, said in a statement.
The size of the financial
institution had no bearing on the prevalence of fraud. Credit
were as susceptible to fraud as major banks.
The survey included 533
respondents, mostly owners or senior executives, from businesses with fewer
than 200 employees and average annual incomes of $21.6 million. The 2011
Business Banking Trust Study was commissioned by Guardian Analytics. The
overall figures from the 2011 report are almost identical to 2011 numbers,
according to Terry Austin, Guardian Analytics CEO.