Lesson Learned: Securities and Brokerage Firms Follow Banks' Lead in Thwarting Identity Theft and Online Fraud |
|
|
|
Written by U.S. Insurance News
|
|
Monday, 18 February 2008 |
What they can't do to banks anymore, identity thieves and perpetuators of fraud may attempt on securities and brokerage firms.
But high-tech criminals should be warned: a majority of these firms will be ready for you.
According to a recent survey from Digital Resolve, securities and brokerage firms are learning from the banking industry how to take a more aggressive approach against online fraud and identity theft.
They must be learning well: 80 percent of respondents' firms claim they have not experienced an incident of identity theft or online fraud within their online channel.
Digital Resolve, which makes online authentication and fraud detection products, said that many firms report they have implemented technology to thwart attempts of online fraud and identity theft. However, almost one-third have not yet employed solutions to address these threats.
"We conducted this study to examine the issues of online fraud within the securities and brokerage industry as well as to evaluate the marketplace's readiness to circumvent the attacks associated with this fraudulent activity," explained Dennis Maicon, executive vice president of Digital Resolve. "A secondary goal was to look at the type of solutions security professionals were employing."
Seventy-six percent of the securities and brokerage professionals responding to the survey believe their companies fully understand the seriousness of online fraud and identity theft. They also acknowledge the ramifications for their firms and for the industry as a whole if they do not address these threats aggressively.
"As banks continue to strengthen their online security, criminals will move to industries they deem more vulnerable, such as securities, brokerage, insurance, and even non-financial targets," said George Tubin, research director at TowerGroup. "Securities and brokerage firms, in particular, have taken a good, hard look at the trials and tribulations experienced by the banking industry-especially as it relates to the mandates within the FFIEC guidance."
An October 2007 TowerGroup study indicates that almost all (95 percent) U.S. banks are now compliant with the FFIEC (Federal Financial Institutions Examination Council). And, Tubin says, preliminary results, based on anecdotal observations, show fraud has decreased 30 to 40 percent in the online channel from 2006 to 2007 due to the government's authentication guidance.
According to the Digital Resolve survey, 82 percent of respondents anticipate that the Securities and Exchange Commission (SEC) will mandate regulations for strengthening online security, such as those introduced for the banking industry by the FFIEC. Those impending regulations, along with unauthorized systems access and customer data breaches, are cited as the top three security concerns of those participating in the Digital Resolve survey.
Tubin isn't surprised by this. "Taking yet another page from the banking industry's playbook, we're seeing these three key issues intimately tied to one another in the fight against online fraud, so it's natural that securities and brokerage firms have these concerns top of mind when it comes to risk-based authentication technologies," he said.
While some securities and brokerage firms ponder what, if anything, they should do to prevent online fraud and identity theft, Maicon wants them to consider this. In the rapidly-changing world of online criminal activity, effective security can't be a one-size-fits-all approach.
"It is important to implement technologies that address all of a firm's top security concerns while covering every customer touch point," Maicon said.
Maicon added that an integral part of security is the use of different layers and types of technology to prevent and detect online fraud.
According to the Digital Resolve survey, securities and brokerage firms say they are already taking a multi-layered approach to fight online fraud. Of the respondents who currently use security technology, about two-thirds claim to have deployed both multi-factor authentication and transaction monitoring. Others are also integrating tokens, smart cards, and mutual authentication.
|
