2013 Banking Identity Safety Scorecard: Changing Tactics in the Face of Growing Account Takeover and New Account Fraud

In 2012, account takeover and new-account fraud each rose by approximately 50% over the previous year. These two fraud types impact consumers most severely, and they are historically more difficult for FIs to prevent and detect than any other major fraud type. Javelin’s Eighth Annual Banking Identity Safety Scorecard evaluated the top 25 FIs by deposit size based on their consumer?facing security features. FIs were scored according to Javelin’s Protection, Detection, and Resolution Model. Javelin updates its criteria and scoring system each year to reflect top industry standards and fraud trends emerging from consumer data and secondary research.

The purpose of this report is to assess the performance of individual FIs and the industry as a whole in staying ahead of fraudsters in a constantly evolving threat environment. In accordance with guidelines put forth by the FFIEC in its “Supplement to Authentication in an Internet Banking Environment,” Javelin tested the degree to which FIs are implementing compensating controls as part of their layered authentication systems. Javelin also placed special emphasis this year on solutions that empower consumers to fight fraud by giving them input into the process of blocking and flagging suspicious transactions. To this end, great strides were made this year in the area of user-defined limits and prohibitions (UDLAPs), which rose from 0% to 40% since 2011. The availability of review and release alerts and two-way actionable alerts, however, remains disconcertingly scarce, being offered by 24% and 16% of FIs, respectively.

Primary Questions

• What is the state of the current threat environment?
• Which fraud solutions are best adapted to mitigating current threats?
• Which FIs are best positioned to prevent, detect, and resolve today’s biggest fraud?
• Which practices have been commonly adopted by FIs, and which should be adopted?
• Are FIs appropriately layering authentication solutions for compensating controls?
• How have FIs changed their consumer-facing practices since 2011?

Consumer data in this report is based on information gathered from several Javelin surveys conducted in 2012.

• A random‐sample panel of 5,249 respondents in an October 2012 online survey.
• A random‐sample panel of 5,856 respondents in a March 2012 online survey.