The House of Lords Science and Technology Committee has
questioned representatives of Apacs and Visa over online computer
crime in the financial services industry.
The witnesses were pressed on what mechanisms the financial
industry had put in place to protect people using online banking
and other online financial services.
Sandra Quinn, a spokeswoman for Apacs, was asked – with online
banking fraud increasing by 90% to £23.2m in 2005 – how much banks
are now losing to internet fraud and whether they expected the
growth in fraud to continue.
Quinn replied, “We have half year figures for 2006 and the
figure stood at £22.5m, an increase of 55% on 2005. The rise won’t
be as high in percentage terms as the rise in 2005. But it is
certainly not going to be a non-dramatic rise. It is still of
concern.”
Apacs’ evidence suggested that the number of phishing incidents
rose by 8,000% between January 2005 and September 2006.
The committee asked if this increase was likely to continue.
Colin Whittaker, head of security at Apacs, said, “Phishing
accounts for anywhere between 25% and 50% of the attacks we see
that cause losses on customers’ accounts.
“It seems people are falling victim to phishing attacks less
often, which is one of the reasons there has been an increase in
the volume of phishing e-mails.”
The Apacs witnesses were then pushed on why they would not name
the worst performing banks for online fraud.
Lord Broers, the committee chairman, asked if this was because
Apacs was a representative organisation of banks rather than their
customers.
Whittaker said, “I don’t think there are any bad or good banks
in this case.
“It’s not that banks are or are not secure; as it’s not the
banks that are being attacked. It is their customers who are being
attacked and the level of security they deploy is relatively
equal.”
Sandra Alzetta, Visa vice-president for consumer market
development, was asked about the security of online shopping.
She said Visa had introduced the Verified by Visa programme for
online merchants to use on their sites.
The scheme enables the customer’s own bank to ask them personal
security questions linked to their account, before money is paid to
the online merchant they are logged onto.
Comment on this article:
computer.weekly@rbi.co.uk