More info: https://www.e-secure-it.com/upload/348032.pdf
To download a copy of the PDF, courtesy of E-Secure-It.com click the link above. Click the graph on the left to enlarge.
Executive Summary
Experts know there are more stolen credentials in the hands of the cybercriminals than ever before.
And, we’re seeing more fraudsters cash‐out using stolen credentials with unprecedented speed. Last year, RBS WordPay reported their debit card payroll card system was the victim of a hacking ring compromising over one million personal records. What was different about this hack, however, was the speed with which the cybercriminals behind the hack were able to cash‐out. News agencies in the U.S. reported that nine million in cash was netted by cloning cards in 49 cities across the globe in the U.S., Canada, Russia and Hong Kong all in about 30 minutes1. Similarly, in the U.S., PIN cashers were able to withdraw five million in less than 48 hours from Citibank2 using compromised prepaid debit card accounts.
In testimony at Homeland Security Committee hearings about data breaches, the Department of Justice said “the problem has grown so big federal prosecutors across the country are pursuing 2,000 cases related to identity theft” and that “the number of convictions for identity theft have more than doubled – a 138 percent increase, in the last four years.”3
Combine this testimony, and the attacks mentioned above with the Heartland Breach – the largest data breach on record as far as number or identities compromised – and 2008 will be remembered as the year the cybercriminals not only perfected their identity‐stealing skills but also their bank robbing skills.
To try and understand how online fraud and data breaches are impacting multiple industries and organizations, the Program Committee of the eFraud Network™ Forum (eFN)– a global group of antifraud professionals from the financial services, payment, merchant and law enforcement community created its first in‐depth survey about online fraud.
We received 104 responses from individuals representing organizations in many different industries and countries. We provide information about the survey respondents and our methodology in Appendix A.
Key Findings: The 2009 Online Fraud Benchmark Report highlights five significant findings:
• Data breaches are no longer a rarity and current regulations are not working.
• Spending to prevent fraud is up or holding steady through 2009.
• More cross‐industry information sharing is needed to prevent online fraud.
• We still don’t know the economic damage of the Heartland Breach.
• There is a direct correlation between the number of attacks and number of customer accounts
managed by the survey participants.
1 http://www.myfoxny.com/dpp/news/090202_FBI_Investigates_9_Million_ATM_Scam
2 http://blog.wired.com/27bstroke6/2008/06/citibank‐atm‐se.html
3 See: http://www.cnn.com/2009/US/03/31/identity.theft/index.html
