Banking fraud increases

Although hacker attacks have about doubled in the last three months, banks and security experts say enough is being done to address the problem.

Locally, fraud has been picking up "more and more" - especially fraud perpetrated through keylogging - explains First National Bank (FNB) Online CEO Chris Kotze. Over a typical weekend, FNB sees as many as five hacking attempts, about double what it was.

However, Nedbank`s head of virtual channel Maire Eltringham says that Nedbank has not had an increase in incidents, although the industry in general has seen an increase, and public perception of these types of incidents is increasing.

"The larger proportion of these attacks cannot be attributed to banks. Banks have employed world-class security measures," says Karel Rode, business technologist for the eTrust security management division at CA.

Internet fraud is a global phenomenon, says Kotze, adding that UK bank Barclays has placed a limit of lb5 000 on its accounts to limit the effect of fraud.

"I`d say that SA is on par with overseas banks when it comes to these types of hacking incidents," says Rode. "But it must also be noted that out of 100 attacks in the US, only six get announced, and one goes to court."

A recent Deloitte`s Australian Office 2006 Global Security Survey indicates identity theft is this year`s "number two IT security hot button". The survey, conducted in Europe, Middle East and Africa, Asia Pacific, Latin America and the Caribbean, spoke to 31% of the top global financial institutions in terms of market value. It also gleaned information from 34% of the top 100 global banks and 16% of the top 50 insurance companies.

Some 53% of respondents named phishing/pharming as their top threat, bolstered by the fact that 51% of respondents had experienced this form of theft.

"This does not mean that users have to stop using banks or even Internet banking, but they need to change the way they use these services," Rode insists. "With regards to using public PCs, it just makes sense that you cannot control something you don`t trust."

According to the Deloitte survey, the US Federal Financial Institutions Examination Council has said that a user ID and password combination is no longer sufficient to combat increasing threats.

Kotze says FNB is investigating a compulsory one-time PIN number facility that could reduce the amount of fraud by up to 80%. Absa and Standard Bank are also investigating this measure, he says. Nedbank says it already has such a system in place, as payments to third-party accounts that are not pre-registered on a customer`s profile require additional security by means of SMS authorisation. This results in a reference number being sent to the client`s cellphone before the payment can be made.