The spammers and phishers seem to be most active over the weekend, so it's no surprise to find Monday morning's email box has more than its share of rubbish. And it wouldn't be a Monday morning without a phishing spam on behalf of a local bank, in this case the Commonwealth Bank of Australia's Technical Service asking for personal details of my bank account because they had scheduled a software upgrade to improve the quality of the banking services! I don't have a Commonwealth Bank account so I immediately trash the email. But how many Commonwealth Bank customers get caught out in this scam? We will never know. So far the Commonwealth Bank and the other major Australian and New Zealand banks have not tapped into the eFraudNetwork community set up by RSA.
The RSA eFraudNetwork community is a cross-bank, collaborative online fraud network which includes dozens of the leading global financial institutions and some of the world's leading ISPs, providing a holistic view of today's fraud environment. The eFraudNetwork community shares fraudster information across multiple banks in real time; when a fraudster attack is identified against one of its members, all others are instantaneously protected as well. Today, many of the world's top 50 banks, including Bank of America, Credit Suisse, HBOS, ING Direct, Barclays and Washington Mutual, benefit from being part of this global eFraudNetwork community. The eFraudNetwork initiative is a logical supplement to the "know your customer" benefits of transaction monitoring and adaptive authentication. Over 3,500 institutions have chosen to be part of the network. There has been a flurry of activity since the Federal Financial Institutions Examination Council (FFIEC) issued inter-agency guidance on authentication in Internet banking.
Geoff Noble, RSA finance and banking specialist, said the Adelaide Bank is a member and other banks are now looking at tapping into the service. Two large non-financial institutions have signed up, but financial institutions are on the whole quite reticent about disclosing security arrangements.
With the take-over of RSA last year by EMC, Noble said, "We have only had a dedicated focus on educating the financial institutions locally since August 2006. We are now talking to the banks, building societies and credit unions. Some of the representatives from these financial organizations traveled to San Francisco over the last fortnight to the annual RSA conference. They heard quite frank case studies on authentication and the different levels of security from large US financial institutions at the conference.
"Nurturing consumer confidence in online banking security is crucial to the future development and adoption of this channel. It is important how to introduce fraud to the online banking community devoid of scaring them from the channel. Banks need to inspire confidence whilst at the same time, educate their users and build a strong level of brand trust and loyalty. However, in order to retain consumer confidence the ease of use, security and robustness of offerings of the online banking channel must be preserved. At the same time, consumer authentication must be effective, reliable and trustworthy.
"Banks can decide how visible or transparent their authentication measures are. However, the concept of offering online banking communities different levels of authentication is important as all parties have various degrees of security requirements. It is recommended that all accounts be monitored for anomalous behavior with the provision of a step-up authentication process. One size does not and cannot fit all.
"For example, business customers who transact large amounts of assets may request strong time-synchronous two-factor authentication. For the broader population of users, step-up authenticators such as out-of-wallet questions, an out-of-band phone call or a one-time password via SMS, IVR or email may only be required if a transaction is deemed as high risk," said Noble.