Small and midsized businesses are more susceptible to online-banking fraud, compared with larger businesses and enterprises, according to a new security report from the Ponemon Institute. What's worse is that many financial institutions are not doing enough to protect smaller businesses from cyber-crooks.
Over half, or 56 percent, of the surveyed companies reported experiencing some sort of banking fraud in 2010, according to the Ponemon Institute, which released its 2011 Business Banking Trust Study April 4. Of those companies, 75 percent said the fraud occurred online and 61 percent claimed to have been targeted multiple times.
The survey included payment fraud and account takeovers.
"Our research reveals continued bad news," according to the report. The financial industry "has not moved the needle" in addressing the security issues that would address account takeovers and other types of fraud "plaguing" SMBs and their banks, the report found.
The worrying thing about the increase in online fraud is that organizations are ill-equipped to detect these scams. The banks didn't discover more than three-quarters of these security issues until after the funds had been transferred out of the victim's account. About 78 percent of the businesses surveyed checked for potential fraudulent activity by checking their statement balances at the end of the month.
Banks were able to fully recover the fraudulently transferred funds for 10 percent of businesses, and took losses in 37 percent of the cases by reimbursing the businesses. Targeted businesses took a loss in 60 percent of the cases.
Being compensated for fraud-related losses can also be tricky. Only 8 percent of the victims claimed their banks fully compensated their losses, 29 percent had partial compensation and 31 percent said they received no compensation at all. Regardless of how they were compensated, 43 percent of the survey participants said they didn't think the bank would cover any losses in case of fraud.
The prevalence of smartphones and tablets exposes them to risk. About 38 percent of the respondents claimed they access their critical and sensitive financial information using mobile devices, compared with 23 percent in 2010. About 70 percent of survey respondents had the perception that the financial institution should ultimately be responsible for protecting online accounts.
Considering that financial institutions generally have deeper resources, more expertise and better technology than their SMB customers, banks should be doing a better job at protecting customers, the report found. There is "big opportunity" for banks to take control of the situation with proactive fraud-prevention strategies that would both improve their relationships with customers and save money.
Regardless of how the thieves gained access to the accounts, many businesses blamed the bank and acted accordingly. Ten percent of businesses terminated their banking relationship following the attack and moved to a new financial institution. Another 33 percent didn't fully close out their accounts, but moved their main accounts to another institution.
Trust in banks can be damaged easily, and businesses are less willing to give banks a second chance, Larry Ponemon, chairman of Ponemon Institute, said in a statement.
The size of the financial institution had no bearing on the prevalence of fraud. Credit unions were as susceptible to fraud as major banks.
The survey included 533 respondents, mostly owners or senior executives, from businesses with fewer than 200 employees and average annual incomes of $21.6 million. The 2011 Business Banking Trust Study was commissioned by Guardian Analytics. The overall figures from the 2011 report are almost identical to 2011 numbers, according to Terry Austin, Guardian Analytics CEO.