Battle Against Account Takeover

As fast as banks plug the holes in their security dams, criminals are finding alternative ways to take over customer accounts. “Even though we probably have a better ability to identify and catch these guys, they are quicker than ever before in their ability to evolve, and they can also escape our clutches better than ever before,” says Sam Romano, vice president of corporate security at the $130 billion-asset Regions Financial Corp. in Birmingham, Ala.

Romano will be speaking about ways to combat this threat at the BAI Payments Connect 2012 Conference & Expo on March 12 in a session entitled “Traditional Tools and Technology, too: The Battle Against Account Takeover.” He will be joined by Cathy Davis, vice president of fraud services for the $61 billion-asset Comerica Inc. and Silvia Sarra, manager of loss prevention systems, Sovereign Bank.

Romano says that account takeover is now more troublesome than ever before because the advent of new technologies has caused the “life cycle of fraud schemes” to evolve at a faster pace than ever before. The key to reducing the number of takeovers is to educate both bank employees and customers on how to spot the latest scams asking for account information or for money outright, he says.

For example, one current scam involves a criminal posing as an elderly person’s grandson wrongly jailed in a foreign prison. The criminal then asks for the elderly person’s wire account number and password to help free him, Romano says.

Regions routinely conducts seminars with its business customers to educate them on how they can better protect their commercial bank accounts from thieves – both outside and inside their organizations, Romano says. Businesses should institute “dual control” procedures that require more than one person to oversee bank accounts in order to reduce the chance of embezzlement from either their bookkeepers or from an outside accounting firm that handles their books. Companies should also look for any unusual lifestyle changes of those working in sensitive financial areas, he says.

Davis says that new fraud schemes are also popping up within the mobile channel, including fake mobile apps operated by fraudsters and “smishing” – texting scam messages to people’s cell phones to get them to text back their account information. Moreover, criminals are finding new ways to compromise online banking sites and are developing new types of Internet scams.

Davis says that banks can direct employees and customers to websites that detail how they can better detect the latest scams, e.g., those hosted by government agencies such as the Federal Bureau of Investigation or the Federal Trade Commission and by nonprofits such as the National Cyber Security Alliance, which hosts staysafeonline.org. Banks can also join the FS-ISAC Account Takeover Task Force, a partnership of industry associations and government and law enforcement agencies formed in 2010 to address this type of fraud, she says.

“Cyber criminals never stop finding new ways of stealing information, but banks can find ways to mitigate the threats,” Davis says.

Ms. Kuehner-Hebert is a contributing writer to BAI Banking Strategies based in San Diego, Calif.