The Challenge of Attributing Fraud LossesABA Executive Says Measurement Difficult
After reviewing the results of Information Security Media Group's Faces of Fraud Survey, Johnson, who oversees risk management policy for the ABA, says some of the losses attributed to corporate account takeover incidents in the survey may be misplaced.
"It is extremely difficult to measure some of these things," Johnson says in this interview with Information Security Media Group.
"Account takeover fraud has been with us for quite a few years," Johnson says. "And it will be something we have to continue to address in a variety of ways."
But losses tied to account takeover fraud are not necessarily increasing, as the ISMG survey results suggest, he contends. The ISMG survey shows that 36 percent of the more than 200 U.S. banking institutions surveyed say that in the last year they continued to suffer financial losses as a result of ACH and wire fraud. What's more, only 50 percent of the survey's respondents say they feel adequately prepared to prevent and detect account takeover fraud. And 44 percent say that investments made in the last year to curb losses linked to account takeover have had no measurable impact on ACH and wire fraud.
But Johnson contends those results may be skewed, based on the size of the institutions that responded to the survey. He points to research conducted by the ABA and Financial Services Information Sharing and Analysis Center, which shows financial losses linked to ACH and wire fraud are decreasing.
Johnson acknowledges that banking institutions must constantly monitor new threats and remain mindful of new schemes aimed at taking over accounts. But customer education is essential, he says, because the customer is typically the first point of compromise.
"Phishing continues in this environment, and phishing is often at the front end of corporate account takeover," he says.
During this interview, Johnson discusses:
- The consumer education challenges banking institutions face;
- The role forensics plays in fraud detection and prevention;
- Why "you can't manage what you can't measure."
Johnson leads the ABA's enterprise risk, physical and cyber security, business continuity and resiliency policy and fraud deterrence efforts. He has assisted in the ABA's release of a series of resources to deter bank robberies, assess information technology risk, deter phishing, safeguard customer information and buttress emergency preparedness. He also represents the ABA on the Financial Services Sector Coordinating Council, which advises the federal bank regulatory agencies on homeland security and critical infrastructure protection issues. And he serves on the BITS/Financial Services Roundtable Security Steering Committee.