Internet banking fraud in Netherlands increases more than 4 fold

The Dutch Banking Association (NVB) provided numbers on how much fraud there is in the Netherlands with internet banking (in Dutch). Since we’re doing a project called cidSafe for several companies in the financial sector in the Netherlands on consumer identity (see this recent presentation in English, or the website which is mostly in Dutch), I was very interested in these numbers.

The fraud with internet banking in NL is  €4.3M for the first 6 months. Although I agree with the NVB that this in itself is not a huge number, the increase is very big. In the whole of 2009 the fraud was €1.9M, thus an increase of about 450%! By the way, victims of internet banking fraud are usually reimbursed by their banks, and all Dutch banks use two-factor authentication. Compared to the numbers recently released in Germany, internet banking fraud seems a somewhat bigger problem in the Netherlands than in Germany (with an estimate of €17M in 2010 about twice as much fraud as NL, but with 5 times more inhabitants). Also in Germany there is a big increase in internet banking fraud compared to 2009.

The NVB press release mentions phishing as the main method of fraud. I couldn’t find more details on this, but simple phishing of username/password won’t work since all internet banking services in NL use some form of two-factor authentication (smartcard or SMS one-time-password based). Malware attacks are becoming more advanced, as e.g. the recent “Zeus In The MObile” malware showed that can even spread from desktop to mobile using social engineering. This article (sorry, again in Dutch) states that most attacks are a combination of relatively simple phishing or malware (keylogggers) with social engineering to get the second factor.

If the increase in internet banking fraud would continue for a couple of years  this will become a very serious financial problem (€39M in 2011?, €174M in 2012?). Add to this the emotional impact on victims and reputation loss for banks, and this increase in fraud is something to worry about. The weakest links appears to be 1) the home PC (and smart phone) and people’s ability to keep this malware free, and 2) people being subject to social engineering attacks. The question for me therefore what is more effective for banks to invest in:

  • educating their customers, on the importance and ways to keep their PC/smartphone malware free, and to make them less susceptible to social engineering attacks, which will no doubt help but is not a silver bullet, or
  • invest in technology, by providing more secure authentication means that are (not or) less sensitive to malware and social engineering attacks, which is very expensive and can be very annoying for users.

The alternative for banks is to wait and see if others (police, government, operation system vendors, anti-malware vendors etc) will be able to counter this increase in internet banking fraud, this is however not what I expect they will do, as is also shown by the new awareness campaign by NVB.

6 Responses to Internet banking fraud in Netherlands increases more than 4 fold

  1. […] Internet banking fraud in Netherlands increases more than 4 fold « Maarten Wegdam's Blog […]

  2. […] This post was mentioned on Twitter by Mikko H. Hypponen, Steve Werby, Steve Werby, Heat Miser, Sandro Süffert and others. Sandro Süffert said: RT @mikkohypponen Banks rarely publish their internet fraud figures, NL is a exception. Fraud up %450 in 2010! http://bit.ly/bx3RHD […]

  3. […] are going to continue to get worse before they get better. The Dutch banking Association recently published statistics noting that phishing is up 450% over last […]

  4. […] October 2010 the Dutch Banking Association (NVB) provided numbers on internet banking fraud in the Netherlands indicating an increase of about 450% in the first 6 months of 2010. Yesterday they provided updated numbers: over the whole of 2010 […]

  5. The fraud with internet banking is really a very big issue in the Netherlands. Netherlands is not the only country who is using online banking service there are other countries too who are using this service very well with out any fear of fraud . I think there is a big problem in the internet connectivity which need to be find and corrected as soon as possible.

  6. […] are going to continue to get worse before they get better. The Dutch banking Association recently published statistics noting that phishing is up 450% over last […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s