- advertisement -
Banking industry needs to tackle account hijacking

The increasing number of people migrating to the Internet to bank and pay bills has helped spur the growth of account hijacking, a subset of identity theft that involves unauthorized access to checking accounts. Gartner Inc., a research and advisory firm, calls it the fastest-growing type of financial consumer fraud in the United States, robbing nearly two million people of an estimated $2.4 billion in a recent 12-month period.

- advertisement -

The problem of account hijacking may seem relatively small when compared to overall identity theft, which victimizes 10 million Americans and steals $50 billion from businesses and consumers annually. But the speed at which account hijacking is growing could threaten to undermine whatever faith consumers have in handling banking and other financial transactions online.

Much of account hijacking is accomplished through phishing and hacking. Phishing e-mails are fraudulent e-mails that purport to be from your bank and require you to click on a link and then enter personal information that enables the scammer to access your account.

But thanks to fraud tactics such as Trojan horses and keystroke logging, some phishing scams don't require you to click on a link; just opening the e-mail can trigger a virus that directs your computer to a fake page when you type the bank's Internet address. You then type in your credentials and the bad guy steals them.

"We're seeing more cross-phishing e-mails and Web sites that actually use parts of the bank's Web site," says David Jevans, chairman of the Anti-Phishing Working Group. "It looks completely legitimate. It's disturbing. They're scanning the banks' Web sites for vulnerabilities and exploiting them."

The Anti-Phishing Working Group keeps track of attacks and says that the average monthly growth rate in phishing sites from July 2004 through November 2004 was 28 percent. Tracking down the fraudsters and catching them isn't easy. The average amount of time those sites stayed online was 6.2 days.

The Federal Deposit Insurance Corporation, which has been the subject of multiple phishing attacks, says the banking industry's response to phishing and hacking has been fragmented, and that needs to change.

"Different levels of banks have done different levels of things to combat this as it arises in the institution," says Michael Jackson, associate director of consumer protection at the FDIC. "It's time for the industry as a whole to step up to the plate. Technology has continued to evolve and the whole industry has not adjusted to the problem as we'd like to see it. Let's push to another level. Be proactive, if possible.

"It would be nice to see what works and what works well instead of some banks may not be doing anything while some do something and some do more."

However, American Bankers Association spokesman John Hall says the industry is united in trying to stop account hijacking, and that institutions of all sizes are working on the problem.

"I understand the FDIC wanting us to get together. We are. It's hard with 6,000 institutions. As far as one entity trying to stop it, it's frustrating. It's the same as with bank robberies. Unfortunately there are people who will try to do this.

"The best thing institutions can do is educate people about phishing so they don't fall for it. Banks don't look at fraud as a competitive issue; they work together. We have peer groups on fraud that share information. All banks are doing something."

Next: ""We're taking a proactive approach. ..."
Page | 1 | 2 | 3 |
Online banking security
Banking glossary
More banking stories
Winners and losers: Certificates of deposit
Winner or loser: Mortgage shopper
Winner or loser: Home equity loans

Checking and Savings
Compare today's rates
Interest checking 0.37%
MMA 0.34%
$10K MMA 0.31%
Rev up your portfolio
with these tips and tricks.
- advertisement -