« Software Assurance Maturity Model (SAMM)

Is Email Within the Scope of a Web Application Security Test? »

31 March 2009

Online Banking Fraud Is Up, But Not THAT Much!

UK online banking fraud up 100 fold? This caught my attention.

I had missed the release of the 2008 online banking fraud figures by APACS, but I subscribe to the Technology Risk Newsletter by cyber insurance underwriter CFC Underwriting Limited. Their headline "Cybercrime: Online banking fraud increases a hundred-fold" caught my attention.

Partial screen capture of CFC Underwriting's email newslatter with the headline 'Cybercrime: Online banking fraud increases a hundred-fold' and text 'Online banking fraud in the UK has reached £52.5m – a 132% increase on 2007's figure of £22.6m, figures from payments industry association Apacs show. A ZD Net Asia report notes that according to a spokesperson for Apacs, the rise can partly be attributed to the increase in people accessing their bank accounts online – and the attention that they attract from phishers. 'Hand in hand with a growing number of users behind the scenes, the fraudsters have woken up to that particular area of interest', she said. Phishing attacks rose by 71% in the same period, while malware attacks designed to steal banking details have also grown.'

On closer inspection, it seems that 132% has been equated with a 100-fold increase. I know it's bad, but it's not THAT bad. 132% is more like a 2-fold increase; 100-fold would have been an 9,900% increase. I would definately have been shocked at that. So just a mistake in the headline then, phew! But the increase is still significant and seems to relate to fraud moving to transactions not protected by chip and PIN.

General cyber crime affecting all types of websites may not be targetted at the organisation; instead it is the end users who are the target. Do you want your website to be responsible for distributing malware?

Remember, if you are considering cyber liability insurance, insurance doesn't prevent security incidents—you still have to deal with the effects, whatever the costs are.

Posted on: 31 March 2009 at 09:33 hrs

Comments (0) | Permalink | Send | Post to Twitter

Comments

Comments are filtered automatically and should appear shortly after they been checked.

Post a comment

Latest Posts

US and Ireland Application Security Conferences 2010

User Tracking in the News

CAP Code Remit Extended Online

HTTP Strict Transport Security

Automated Attack Responses by Web Applications

E-Commerce Due Diligence

Discussion Activity

Albert on E-Commerce Due Diligence

Rob Lewis on When is a Vulnerability not a Vulnerability?

Roger Oberg on Software Insecurity Analysis

Someone on Software Assurance Labelling

Alisha Paul on Moderate User-Generated Content But At Your Own Risk

Security Principles

confidentiality

availability

integrity

authenticity

non-repudiation

compliance

Topic Tags

about accessibility administrative aggregation architecture authentication authorisation availability awareness business logic caching categories classification code configuration continuity cookies corrective data protection detective development disposal dns domains due diligence encoding firewalls guidelines hosting identity ids incidents information assurance infrastructure injection insurance ip addresses leakage legislation logging maturity monitoring operation padss pcidss physical poisoning policies preventative privacy procedures retention risks safety sdlc servers session software,application,security,report specification sql ssl standards technical testing threats transaction traversal trust validation vulnerabilities xsrf xss

Subscribe

Subscribe to the full RSS feed or partial (summarised) RSS feed. Alternatively receive the blog via email by submitting your email address below.

Search

Clerkendweller

Colin Watson (Clerkendweller) is a chartered information technology professional, certified information systems security professional and certified information systems auditor. He is based in London as principal consultant with web security consultancy Watson Hall Ltd. More about...

Photograph of Colin Watson MSc CITP CISSP

Colin Watson also has profiles on LinkedIn and Twitter.

End notes

Please read our terms of use and obtain professional advice before undertaking any actions based on the opinions, suggestions and generic guidance presented here. Your organisation's situation will be unique and all practices and controls need to be assessed with consideration of your own business context.

The Web Security, Usability and Design blog is published by Clerkendweller under the following terms of use and privacy statement.

© 2009-2010 clerkendweller.com

Online Banking Fraud Is Up, But Not THAT Much!

http://www.clerkendweller.com/2009/3/31/Online-Banking-Fraud-Is-Up-But-Not-THAT-Much

ISO/IEC 18004:2006 QR code for http://clerkendweller.com

Page http://www.clerkendweller.com/2009/3/31/Online-Banking-Fraud-Is-Up-But-Not-THAT-Much
Requested by 38.107.191.107 on Friday, 10 September 2010 at 17:19 hrs (London date/time)

Please read our terms of use and obtain professional advice before undertaking any actions based on the opinions, suggestions and generic guidance presented here. Your organisation's situation will be unique and all practices and controls need to be assessed with consideration of your own business context.

Terms of use http://www.clerkendweller.com/page/terms
Privacy statement http://www.clerkendweller.com/page/privacy
© 2009-2010 clerkendweller.com