Computer Crime Research Center


Computer crime: The Australian facts and figures

Date: July 19, 2005
Source: Herald Sun
By: George Lekakis

Internet fraud is costing the National Australia Bank about $1 million a month and it could blow out to as much as $30 million a year by 2008.

The NAB figures suggest online losses by all banks could already be close to $70 million a year.

In a confidential document seen by Herald Sun BusinessDaily, the bank is warned: "Internet banking fraud is on the increase with the . . . industry under siege from criminals who are using increasingly sophisticated ways of capturing customers' personal details." It also claims crooks are "tricking customers into becoming couriers and moving stolen funds out of the country."

The highly sensitive document was issued to senior technology executives as part of a drive to boost online banking security in order to stem a "tide of losses".

Although the report is dated July last year, and led to a security boost two months ago that has put the NAB ahead of other big banks, it is believed the rate of fraud is still growing.

The report, which was presented to NAB's general manager of cards and personal loans, Andrew Maitland, stresses that the "National's reputation and customer confidence are being undermined by negative media publicity surrounding these frauds and the security of internet banking".

The NAB, like other big banks, rarely comments on the issue of online fraud, and is always at pains to describe the system as secure.

The report paints a quite different picture. It describes the growth in fraud in the year to June 2004 as "exponential".

For the month of June itself, the bank incurred $1 million of internet banking fraud, most relating to what is known in the industry as "Type 007" activity.

Type 007 fraud includes internet banking losses on customers' savings and transaction accounts arising from fraudulent use of worms, viruses and fake websites.

According to the report, the bank typically only recovers 30 per cent of such losses.

In 2003, NAB and its customers were subject to internet banking fraud totalling $2.04 million.

Net losses in that year were $1.5 million after investigations resulted in some recoveries. The report states that potential losses are expected to rise to $6.1 million this year and $8.3 million in 2008.

However, under worst case scenarios cited in the report, NAB's technology executives predict the bank could lose up to $14.1 million this year and up to $31.5 million in 2008.

In a startling observation, NAB claims in the report that other Australian banks took bigger hits on internet fraud in 2004.

"While the National's losses are substantial ($1.5 million and rising) they are not as substantial as some of the other Australian banks (one of which has lost over $25 million this financial year)," the report states.

Data in the report points to four trends in security breaches in the six months to the end of March 2004.

The first is that the frequency of internet banking fraud rose almost sixfold in the period. In October 2003, there were only 11 reported incidents of internet banking fraud in NAB's Australian business. In March 2004 the number of reported cases was 60.

The second trend detected is that the value of potential monthly losses soared more than 12 times, from $51,000 to $634,000.

The third trend is that the proportion of funds recovered fell from 58 per cent to 21 per cent.

The final trend is that the average value of internet fraud incidents doubled from $5000 in October 2003 to more than $10,000 in March 2004.

To avert the worst-case forecasts, the bank introduced in May this year a second layer of security for internet customers, known as SMS authentication.

According to the report, NAB will consider introducing a cap on funds that online customers can transfer if they do not register for the SMS service.

At the moment there are no limits on BPAY transactions.

While the SMS service is currently marketed as a voluntary security offering, NAB might consider making it compulsory if fraud losses continue to run out of control.

"To fully realise the financial benefits of this project, we recognise the need to make SMS authentication mandatory at some point," the report says.

The NAB executives state in the report that the bank will be able to reduce the incidence of internet banking fraud by 90 per cent when it gets 90 per cent of online customers to register for the SMS service.