FSA report criticises banks for not doing enough to protect customer data

But banks must put effort into detecting fraudulent actions at the 'point of transaction'.

Tim Thompson, Managing Director of 41st Parameter UK & EMEA, argues that the FSA report is a good beginning, but does not go far enough to protect the customer.

Last week's FSA report on Data Security in Financial Fraud (April 2008) criticised the UK's banks and financial services for failing to effectively identify and mitigate the risks surrounding the security of customer data. However, much of the subsequent commentary has focused on that criticism, which covered only one aspect of the problem - the danger of information being lost by the banks, either physically misplaced or through a lack of security of their data networks. The FSA report shows quite accurately how banks should work to prevent this. In particular, it talks about a multi-layered approach to security.

We welcome the report - the first of its kind - but support the idea that a bank's responsibility for multi-layered security is not limited to inside the bank. Data can be phished from other sources and banks have a duty to protect the integrity of their clients' data. Many banks are already responding to the gravity of this risk by adopting a wider multi-layered approach to protecting customer data by working with their partners to take data security to the 'point of transaction'.

Whatever the approach of the fraudster, there must always be another barrier in the way. For example, beyond the initial firewall, additional password and encryption barriers, combined with real-time tracking capabilities, can identify devices that were initially refused admission to a site but have changed their identity to try to gain access. Studies have shown that it takes fraudsters a matter of minutes to do this.

Here, Client Device Identification (CDI) is an extremely valuable anti-fraud tool that helps identify suspicious transactions by capturing and identifying device characteristics during the login process. It adds new layers and strength to a company's security without changing the user's behaviour, without leaving tags on the device and without 'showing your hand' to the fraudsters.

Banks can put every procedure in place to stop identity theft taking place; however, fraudsters are continually innovating to render new anti-fraud systems redundant. Sadly, this is the reality of the industry, and if data loss does occur, then banks have to play a significant role in ensuring that the data cannot be used if it ends up in the hands of fraudsters.

About 41st Parameter
41st Parameter is the leader in Internet Fraud Management solutions, which detect and prevent online fraud for e-commerce companies and financial institutions. By continuously collecting new and unique parameters from end-user computers during online account access or order processing, 41st Parameter's patent-pending technologies enable forensic identification of PCs and online devices. With the most accurate client device identification in the industry today, the company prevents online fraud and improves operational efficiencies, while saving time, money and protecting legitimate customers. None of 41st Parameter's solutions require end-user registration, enrollment, downloads or installations. To find out how 41st Parameter is making fraud history, visit www.the41.com or contact Manuela Whittaker on +44(0)1780 721 433 or email her at mwhittaker@iba-europe.com.

