Phishing hits one in four Asian banks

Survey finds over 25 percent of banks have experienced phishing over the past year. Not many have a formal plan to educate customers on identity theft and fraud.
Written by Vivian Yeo, Contributor

Banks in the region are realizing the importance of online transaction security but not many have taken steps to address this, according to a new study.

ReadiMinds, which released the survey results, said in a statement Thursday that over 25 percent of banks in Asia have been targets of phishing attempts in the past year. Headquartered in Singapore, ReadiMinds provides security software targeted at financial institutions.

Conducted this month, the survey covered banking institutions in Bangladesh, Cambodia Hong Kong, Indonesia, Malaysia, the Philippines, Singapore, Sri Lanka, Taiwan, Thailand and Vietnam. ReadiMinds did not disclose to ZDNet Asia the number of respondents.

Some 20 percent of banks in the region have implemented stronger online security--in the form of two-factor authentication (2FA)--and the trend is growing, said ReadiMinds. Software-based 2FA is becoming the preferred mode of second-factor authentication, over hardware tokens.

In addition, only 20 percent of financial institutions surveyed had a formal plan to heighten customer awareness against online fraud and identity theft.

Adopting a risk-based approach
A ReadiMinds spokesperson told ZDNet Asia in an e-mail Thursday that most banks have currently not adopted a risk-based approach toward online transactional security. For example, the systems do not factor in the country from which the customer is making a transaction, or the transaction amount.

"They (the systems) follow the same process irrespective of whether you are undertaking the banking transaction from Singapore or Nigeria, or whether you are transferring $200 or $1,000," the spokesperson said.

Applying risk-based transaction authorization, fraud detection and strong user authentication are key to a holistic approach to transaction security, said ReadiMinds.

According to the survey, over 30 percent of banks that have recently implemented stronger online security had adopted a risk-based approach.

Editorial standards