Research and Markets
Javelin’s 2009 Banking Identity Safety Scorecard ranks banks and credit unions on their customer-facing identity fraud Prevention, Detection and Resolution™ capabilities. Leveraging the nation’s most comprehensive study on identity fraud, Javelin updates the Prevention, Detection and Resolution™ criteria each year to show specific ways that individual financial institutions (FIs) can increase customer safety and loyalty through enacting comprehensive security measures and by partnering with account holders to fight identity fraud. Javelin uses a combination of mystery-shopper calls (averaging 6.2 per institution) and extensive website research to score the leading 25 U.S. FIs by gross annual deposit volume against relevant Prevention, Detection, and Resolution™ criteria; collectively this study represents approximately 50% of the U.S. market in 2009 by dollar value of deposits, according to the FDIC.
Financial institutions made significant strides in prevention, jumping 27 percentage points from last year, and also slightly improved in detection and resolution capabilities. With six new banks entering the top ten in overall rankings this year and seven new banks leading the pack in prevention, smaller banks have raised the bar in prevention, the most weighted safety area of the identity safety scorecard.
- How can banks and credit unions benchmark their efforts to battle against a $48 billion U.S. identity fraud problem?
- Which financial institutions rank highest against Javelin’s customer-facing Prevention, Detection and Resolution™ criteria?
- What type of account protection capabilities should banks and credit unions implement to increase customer safety through Prevention, Detection and Resolution™?
- Within the U.S. banking industry, where is banking safety the strongest and where is it most vulnerable?
- Which customer safety features will most differentiate financial institutions in the future?
- Which key recommendations should banks prioritize to ensure customer safety?
This study measures FIs based on customer-involved ID fraud capabilities that were selected based on Javelin’s annual Identity Fraud Survey Report, other consumer surveys that assess consumer propensity to adopt particular safety features, and ongoing dialog with industry experts. This report used phone-based mystery shopper investigations, as well as Javelin’s review of websites from the 25 selected financial institutions chosen for inclusion in the survey. Javelin selected these methods to ensure accurate findings that address all facets of customer security. The data was collected during August,
September and October 2009.
Using the mystery shopper approach, researchers called each bank or credit union’s customer service representative (CSR) in online banking, mobile banking, fraud prevention, and general customer service, requesting an experienced specialist. Researchers explained that they were consumers concerned about identity theft and had several specific questions about the FI’s identity theft prevention, detection, and resolution capabilities. In some cases, numerous customer service representatives were required to complete the survey, and whenever Javelin’s research specialists had reason to doubt the knowledge of a CSR the call was terminated and the process was repeated. The total quantity of required CSRs (on a per-FI basis) was recorded, along with the CSR’s name or employee number, when available, as well as the date and time of the call.
The required number of calls ranged from 4 to 7, with the average being just over six calls (6.2) to ensure reliable results. For an FI to receive credit for having a security feature the service must satisfy specific criteria; the service must be provided without a fee, except for selected criteria (credit reports and monitoring, partnerships with security vendors, and next-day replacement of debit card). In cases where a service is not provided to all of the FI’s customers, credit is given if the service
is provided to the majority of the customer base with a personal banking relationship.
FIs were scored according to their Prevention, Detection and Resolution™ capabilities.
The prevention category was weighted more heavily than detection and, in turn, more heavily than resolution, due to the greater potential cost savings associated with stopping fraud before it happens.1 Future versions of this report will build upon this research incorporating new capabilities and technologies as they become available.
FIs had the potential of scoring 45 points for prevention-related features, earning points for the following criteria: anti-phishing e-mail policies online, the prohibition of the use of the full Social Security number via phone, Internet, or mail transactions, the option to turn off paper statements, partnering with security vendors, the existence of multi-factor online and telephone authentication, mutual online authentication process online, having an extended validation certificate online at the user homepage (EV SSL), mobile banking access, review and release of suspicious transactions via online and mobile channels,
offering offline-only authentication for new accounts, mobile banking access without online banking sign-up, security education and tips for online and offline activities, vishing education, and offering user-defined limits (UDLAPS) on transaction size, card-not-present, and overseas transactions.
New scoring criteria for the 2009 prevention category included being able to enroll in mobile banking without online banking sign-up and providing a password manager (e.g., Trusteer or IDVault). Providing a password manager is a critical component for customer security because it prevents users from entering their login or password credentials at a fraudulent site.
Points were given for security information regarding online and offline activities that was readily accessible on the FI website. The preventative, educational tips must have been fairly easy to find and in a convenient place to keep consumers informed, thus keeping security top-of-mind. The same goes for partnering with security vendors – the link or information to do so must have been in a prominent location on the website.
FIs surveyed had the potential or scoring 35 points for services that help customers detect identity theft and fraud. FIs earned points for offering the ability to order and pay for credit reports, credit monitoring services through the website, and for SMS and e-mail alerts. Account-related alerts included transaction size, online (CNP) purchases, overseas transactions, balance level alerts, online transfers, wire transfers, adding a new bill payments payee, new account setup, and statement notification. E-mail alerts that notify users of changes to their personal information included changes to PINs, login
passwords, physical addresses, e-mail addresses, and phone numbers, as well as the addition or subtraction of registered users.
Both SMS and e-mail notifications protect the safety of accountholders and give consumers warning about potential fraudulent activity, thereby assisting financial institutions, issuers, and consumers in the fight to reduce costs by mitigating fraud.
With half of all fraud being discovered by the fraud victims themselves (51%)2 and the cost of fraud equalling $48 billion in losses,3 it is critical to empower consumers to self-detect and self-monitor their accounts. This year, credit monitoring services and the ability to order and/or pay for credit reports were separated into two different categories, allowing FIs to receive more points for credit detection. Javelin recommends that customers review their credit information regularly, ensuring that all the accounts listed are their own.4 The importance of credit monitoring and being able to access credit information prompted the separation and increased scoring opportunities by FIs in this area.
FIs had the potential to earn 20 points for identity theft resolution capabilities. FIs earned points for offering 24-hour, seven day- a-week account suspension, providing immediate access to funds not compromised by an identity fraud attack, providing a dedicated resolution team (or outsourcing to ITAC), access to identity theft assistance online and over the phone, a 48-hour follow-up policy from CSRs, a zero-liability policy for funds lost to fraud by online banking, wire transfers, checks, and debit card transaction (by signature, PIN, or online), for next-day availability of stolen funds (provisional credit), and for providing a data breach resolution plan. No new scoring criteria was modified or added this year.
Other Surveys Incorporated:
Consumer data from Javelin’s annual Identity Fraud Survey was also used in this report. The survey is conducted each year using computer-assisted telephone interviewing (CATI) via random-digit dialling (RDD). The total number of respondents was 4,784 in 2008; 5,075 in 2007; 5,006 in 2006; 5,003 in 2005; 5,004 in 2004; and 4,000 in 2003. The survey targeted respondents based on representative proportions of gender, age, and income compared to all U.S. adult consumers. For questions answered by all 4,784 respondents, the maximum margin of sampling error is +/- 1.4% at the 95% confidence
For questions answered by all 487 identity fraud victims, the maximum margin of sampling error is +/- 4.4% at the 95% confidence level. For questions answered by a proportion of all identity fraud victims, the maximum margin of sampling error varies and is greater than +/- 4.4% at the 95% confidence level. Additionally data was taken from a report on data breaches published in 2008. The report collected data from an online survey of a random-sample panel of 441 data breach victims in May 2008. The overall margin of sampling error is ±4.67 percentage points at the 95% confidence level.
Data was also taken from a Javelin report on personal finance management published in June 2009. This report used data from a survey collected from executives with each of the seven online-banking platform vendors.
Additional information was solicited during interviews with executives from the vendors, banks and credit unions and web-based start-ups. To evaluate products, Javelin asked each vendor to answer nearly 125 questions that delved into the availability of specific features and functionality.
The report also included data collected online from a random-sample panel of 2,714 respondents in March 2008 from Javelin’s report on mobile banking security standards. The survey targeted respondents based on representative proportions of gender, age and income compared to the overall U.S. online population. Overall margin of sampling error is ±1.88 percentage points at the 95% confidence level.
Finally, data was taken from the 2008 Financial Alerts Forecast, which was based on data collected online from several different surveys:
- A random-sample panel of 2,350 respondents in March 2008. The overall margin of sampling error is ±2.86 percentage points at the 95% confidence level.
- A random-sample panel of 3,367 respondents from August 2008. The overall margin of sampling error is ±1.70 percentage points at the 95% confidence level.
A sample for this product is available. Please Login/Register to download this sample.
Ordering: Order Online - http://www.researchandmarkets.com/reports/1134411/