Network World reports, “The Financial Services Information Sharing and Analysis Center (FS-ISAC) polled 77 financial institutions and asked how many account takeovers occurred in 2009 and during the first six months of 2010. The FS-ISAC consists of a group of banks that shares threat information and interacts with the federal government on critical infrastructure issues. Its members include Citi, Prudential, Bank of America, JPMorgan Chase, Goldman Sachs and Wells Fargo, among others.”
Account takeover occurs when thieves infiltrate your existing bank or credit card account and siphon out your money. This typically occurs after your account has been hacked or your credit card or personal identity has been stolen.
21 of the institutions polled reported a total of 108 commercial account takeovers during the first six months of 2010, compared to 86 for the full year of 2009.
In 2010, 36% of fraud attempts were successfully thwarted, whereas 2009, fraud was only prevented 20% of the time.
I have previously referenced a report from Javelin Strategy: “When examining account takeover trends, the two most popular tactics for fraudsters were adding their name as a registered user on an account or changing the physical address of the account. In 2010, changing the physical address became the most popular method, with 44 percent of account takeover incidents conducted this way.”
Unfortunately, FS-ISAC’s study failed to disclose what methods were used to thwart the account takeovers. Many financial institutions are protecting their users and themselves by incorporating device identification, device reputation, and risk profiling services to keep scammers out. Oregon-based iovation Inc. offers the world’s leading device reputation service, ReputationManager 360, which is used by leading financial institutions to help mitigate these types of risk in their online channel.