How well does your bank protect you from ID theft? A better question might be, what does your bank do to help you protect yourself?
Javelin examined that question in a report released today, in which researchers looked at the tools the nation's biggest banks give their customers to fight ID fraud, scoring them according to their effectiveness and ease of use.
The report paints a picture of a banking industry struggling to keep up with the constant game of cat-and-mouse they play with ID fraudsters, especially when it comes to preventing and detecting ID fraud. On average, top-25 banks met just over 50 percent of the criteria needed in those areas to help keep customers safe.
While you might think that the biggest banks with the most resources would have the wherewithal to protect customers best, size didn't guarantee good results in the survey. While Bank of America came out on top, U.S. Bank, Huntington Bank, PNC Bank and Bank of the West rounded out the top five. Huntington Bank and Bank of the West are on the lower end of the top 25 banks in terms of deposits.
Here are the top 10 overall:
- Bank of America
- U.S. Bank
- Huntington Bank
- PNC Bank
- Bank of the West
- JP Morgan Chase
- Capital One
- (Tie) BBVA Compass, Navy FCU, Wells Fargo
I caught up with Phil Blank, managing director of security, risk and fraud research at Javelin and one of the authors of the report. Here's what he had to say about the report, the tools bank customers need to fight fraud and the state of fraud protection in the banking industry:
- Prevention has suffered as banks have struggled to adapt to thieves' changing tactics. "A three-year trend … is that prevention is falling precipitously," Blank says. "In 2009, 79 percent of the criteria, on average, were met by the (financial institutions); in 2011, only 54 percent of the criteria were met by the FIs."
- Banks have also struggled with detecting fraud, which increases its cost both to consumers and banks. "The fraudster obviously wants to remain undetected, and the longer they can stay out of the limelight, the longer they can impersonate you or have access to your account without you realizing it, the more effective their fraud is going to be," Blank says.
- Banks should be focused on prevention, since that's the area of security with the biggest potential payoff. "It's the hardest thing to do, but if you can prevent the fraud in the first place, the FIs don't lose any dollars due to fraud. The consumer doesn't lose any dollars or time and doesn't end up with any legal issues due to the fraud. So for our purposes, prevention is much more important than detection or resolution."
- Too many banks rely on customers' personal information to verify their identities. "They ask you your mother's maiden name or what high school you went to, and so much of that information is now being placed on social media," says Blank. "We also strongly believe that FIs need to take the step … of getting the Social Security number out of the authentication process. FIs are unintentionally training people to give up their Social Security number."
- The strongest fraud prevention measures get customers themselves involved, because the customer is best positioned to spot a phony. "These are crimes of impersonation. If I get your information, and I impersonate you, and I do it well, no amount of analytics, no amount of back-end systems are going to be able to detect that impersonation," he says.
- Despite the effectiveness and the relative ease of implementing them, many banks are not providing text alerts and other notifications that would help them spot a fraudster using their account. "For example, 80 percent of the FIs we surveyed offered low-balance alerts, but only 36 percent allowed you to have an alert for a foreign transaction," Blank says. "With the adding of a new e-mail address, the good news is 68 percent of banks have an alert for that, but it should be 100 percent because that's such a common way for fraudsters to get access to your account."
What do you think? Does your bank offer tools to help you spot fraud? Do you want them to?