What are the odds that the head of a company that tracks financial fraud would have his own bank account breached? James Van Dyke, president of Javelin Strategy & Research, certainly found it ironic when Wells Fargo alerted him to a fraudulent transaction six months ago.
He was also glad he had signed up for a service that notifies him every time there’s a credit card transaction that occurs in his California business’s name.
“At first, it seemed like a lot, but now the mobile alert is comforting,” he said.
In a way, the incident came as no surprise to Van Dyke as his firm has recorded an uptick in identity fraud via electronic banking. Thieves have become more brazen in their attempts to access account information, but banks have become sharper in identifying and resolving problems.
Online and mobile banking capture a wealth of consumer data too appealing for hackers to pass up. Reported breaches in banking data are few and far between. Nevertheless, financial institutions are routinely updating their security platforms to ensure the safety of client data.
However, as companies outsource functions, such as electronic marketing, to third-party vendors, they run the risk of being exposed to cracks in the system. Businesses and consumers can also be their own worst enemy by neglecting to take precautions with protecting their information when engaging in online and mobile banking.
In a recent Javelin report, the firm found smartphone owners were more likely to encounter identify fraud than the general population. Roughly 6.6 percent of mobile device owners surveyed experienced fraud in 2011, compared to 4.9 percent of all consumers.
A third of smartphone and tablet owners saved personal information on their devices, yet only 16 percent installed software capable of remotely wiping the device if needed. Consumers, researchers found, were not adjusting personal security practices to accommodate the additional risk.
Online and mobile, Van Dyke said, can place you at greater risk as there are more points of entry to access your information, be it through malware or accidentally forgetting your device somewhere without it being password protected.
“Those devices can make you a victim, but they can also make you safer thanks to mobile alerts, device finger printing and so many other measures that banks are employing,” he said.
At McLean-based Capital One, for instance, there are firewalls, anti-malware defenses, password encryptions, application security testing and activity monitoring, to start.
“We have developed a layered security strategy that combines preventive and detective mechanisms to protect our customer’s online accounts against unauthorized access,” explained Capital One spokeswoman Pam Gerardo.
The bank’s own security might rival that of Fort Knox, but the same is not always true of its vendors. In March 2011, Capital One was among dozens of companies, including Hilton and Best Buy, exposed to a security breach at marketing firm Epsilon Data Management. Hackers accessed e-mail addresses stored in the Irving, Tex., company’s files, which did not include any financial or identifiable information about customers.
Capital One, similar to other companies, alerted customers to the breach, which set off a whirlwind criticism of Epsilon and led to congressional inquiries into the company’s practices.
Epsilon’s Chief Information Security Officer Chris Ray declined to discuss the particulars of the case since the investigation is still ongoing. But he said the company has added more controls to protect against future attacks.
“Because there are all of these different areas that data can be accessed now we look at consolidation, making sure we don’t have 10 different solutions,” said Ray, who joined the firm in January. “There are advances to really have a centralized view of all of your alerts.”
Proportion of smartphone users who dealt with fraud in 2011, according to a Javelin report.