Gartner Says U.S. Bank Spending on Fraud and Authentication Is Rising

Survey Reveals Increase in Spending Not Due to Red Flag Rules

STAMFORD, Conn., July 2008 —

Bank spending on fraud prevention and customer authentication is increasing in the United States in 2008 and 2009, according to Gartner Inc. Analysts said this spending is needed as fraud rates are rising in the use of payment cards, money transfers, online banking, checks and call centers. Fraud schemes move across channels, products and enterprises.

In March of 2008, Gartner surveyed 50 U.S. banks to understand how banks assess security threats across channels and how they deal with fraud and customer authentication. However, due to the relatively small sample size, the survey helps highlight trends rather than drawing absolute conclusions.

Banks expect to spend even more on fraud detection and customer authentication in 2009 than in 2008, and spending generally will be higher among the largest banks. Overall, about 60 percent of banks expect to spend more on these programs in 2009 — and this percentage rises to 71 percent among large banks with consumer deposits of more than $150 billion. About 20 percent of these banks expect spending to rise significantly.

On a scale of 1 to 7, with 7 being “extremely important” and 1 being “not at all important,” compliance with banking regulations scored 6.58 as a driver among respondents, while improving fraud prevention scored 6.26 and increasing consumer confidence scored 6.22. The largest banks surveyed ranked compliance at 6.76, improving fraud prevention at 6.67 and increasing customer confidence at 6.4.

“Compliance is still the main driver for fraud prevention and customer authentication projects, but 60 percent of surveyed banks already consider themselves to be compliant with the Red Flag regulations of the U.S. Fair and Accurate Credit Transactions Act of 2003,” said Avivah Litan, vice president and distinguished analyst at Gartner.

The Red Flag rules generally require that creditors check for identity theft before they issue consumers or some businesses credit. The rules must be implemented by U.S. financial institutions and other creditors by November 2008. But the general thinking in the industry is that banks must typically only formalize and document procedures they already have in place to prevent identity-theft-related fraud.

According to the survey, online banking fraud detection is the most widely implemented fraud management system across U.S. banks, followed closely by stronger consumer authentication at banks’ Web sites. Over the next two years, the most pervasive plans for new fraud prevention and customer-security-related projects include stronger caller authentication for customers that telephone call centers; enterprise fraud detection that manages fraud across customer channels and accounts; and a case management system for managing fraud.

Ms. Litan said that, on average, banks tend to consider their Web channels to be more secure than their phone channels. Nevertheless, in 2008, most banks say they will spend more money on Web fraud detection than on call center fraud detection, which acknowledges that the Web channel is generally more vulnerable when it comes to outright monetary theft or account surveillance.

Additional information is available in the Gartner report “Bank Spending on Fraud and Authentication Rises, but Not Due to Red Flag Regulations.” The report is available on Gartner’s Web site at http://www.gartner.com/DisplayDocument?ref=g_search&id=680714&subref=simplesearch.