Many banks are failing with online payment security and only mitigating risks

sincity · October 28, 2015

A new piece of research has revealed some disturbing statistics when it comes to the security of online payments.

The IT Security Risks Survey 2015 report, conducted by Kaspersky Lab and B2B International (and encompassing 5,500 company representatives from across 26 countries), found that a third of banks and payment services failed to offer a secure channel for their online payments.

That's a worryingly high percentage, and even more remarkable due to the fact that 50% of financial services organisations said they believed online financial fraud was on the increase.

The survey also found that 62% of respondents have noticed that significantly more customers are making online payments, and 65% said folks are increasingly using different devices (computers, tablets, mobiles and so forth) to perform online transactions.

However, only 53% of companies have introduced two-factor authentication, and just half of organisations operate a real-time antifraud solution.

Almost half of those surveyed – 48% to be precise – admitted they are in the business of mitigating any risks rather than trying to eradicate them.

Prevention is expensive

There's one particular statistic, though, which throws some light on all these previous percentages – namely that 29% said it was cheaper to deal with fraud incidents as they arose, rather than trying to prevent them from happening in the first place.

Ross Hogan, Head of SafeMoney Business Development, Kaspersky Fraud Prevention, commented: "The study shows that banks and payment organisations are finding it difficult to manage online financial fraud in today's connected, omni-channel consumer landscape. 38% of the organizations we spoke to admit that it is increasingly difficult to tell whether a transaction is fraudulent or genuine, with a worrying one in three opting for a 'we'll deal with it as it happens' approach to fraud protection."

He added: "If you consider that our own research uncovered 22.9 million financial malware attacks in 2014, targeting 2.7 million customers worldwide, it is clear that dealing with each incident individually is not a viable, long-term option. Customers deserve better and so does the financial services organisation."