Key findings of this survey are:
1. Over 20% of banks reported having been victims of phishing/pharming during the last year.
2. For Stronger User Authentication: software-based two-factor authentication [2FA] methods, namely phone factor or device fingerprinting, are gaining popularity over the traditional one-time PIN [OTP] generating hardware security devices because of lower cost and user convenience. Over 30% of respondents now prefer them for their new implementations - a growing trend among financial institutions.
3. All respondents were aware that integrating Stronger User Authentication with Fraud Detection and Risk-Based Transaction Authorization is the strongest form of defense against Online Identity Theft, MITM attacks and Financial Frauds. Clearly, there is an increasing desire to take a holistic approach to transactional security and fraud prevention.
4. An "integrated/holistic" approach to transactional security and fraud prevention/risk mitigation is clearly becoming preferred over "point" solutions.
5. Accordingly, preference for "stand-alone" 2FA is clearly declining with the availability of "integrated/holistic" solutions. Over 30% of respondents now prefer an integrated solution for their new implementations: fraud detection and risk-based transaction authorization together with stronger user authentication, for transactional security and fraud prevention.
6. Operational risk, also called transactional risk, is still not given enough importance in financial institutions compared to credit and market risks. This, however, is changing with new regulatory guidelines, a result of alarming increases in identity theft and online financial fraud, both external and internal. Results clearly show that online security and surveillance is a business issue!
7. Financial crime surveillance is slowly but surely gaining ground.
8. Over 70% of banks still do not have a dedicated budget for online security. Online security is still part of the IT budget.
9. Identity management and/or fraud prevention, and risk management, are the top two security agendas for 2008 for ME banks.
10. Awareness of the impact of online security incidents is still quite low. 75% of respondents were not well aware of online security incidents in their own bank.