Online banking account takeover fraud may be bigger than we think

Charles Jester at security firm ESET has written a great article looking at how banks report online electronic crime.

We know from public reports and various lawsuits that cyber criminals have been targeting users of online commercial banking sites, breaking into their accounts, and transferring hundreds of thousands and sometimes millions of dollars.

But how are banks reporting these losses?

Banks in the USA must file a Suspicious Activity Report (SAR) with the US Treasury Department’s Financial Crimes unit, FinCEN.

Interestingly, Jester has been tracking the number of these reports. Since 2003, there has been a very large increase in SARs. However, these are all filed as “Other”, and there is no detail available as to what these SARs are reporting on. Jester suggests that this steep climb in SARs corresponds to the rise of phishing and malware that compromises online banking accounts. Here is the graph from his article.

By looking at public reports by the FBI and journalists like Brian Krebs (http://krebsonsecurity.com/), I estimate that online commercial bank account losses will reach $1 Billion in 2010 in the USA.

I did some quick calculations from NACHA fraud data around ACH transactions, and I compute that all fraud on the ACH networks in the USA looks to be about $6 Billion in 2009. NACHA downplays this by saying that fraudulent ACH transactions were only 0.02 percent of all the ACH transactions. But when you consider that approximately $30 Trillion was sent via ACH transfer in 2009, the fraudulent transactions would be 3.75 million transactions and add up to about $6 Billion. How much of this is related to online crime?
