ReadiMinds reveals 'State of Online Security in Financial Institutions in Middle East 2008'

Survey* respondents represented Middle East's major banks across UAE, Saudi Arabia, Lebanon, Kuwait and Bahrain. The survey primarily focused on the issues pertaining to transactional security and risk mitigation: online identity theft, MITM attacks and online financial frauds.

Key findings of this survey are:

1. Over 20% of banks reported to have been the victims of phishing/pharming during the last one year.

2. For Stronger User Authentication: software based two-factor authentication [2FA] methods, namely phone factor or device fingerprinting, is gaining increasing popularity over the traditional one-time pin [OTP] generating hardware security devices, because of lower cost and user convenience. Over 30% of respondents now prefer it for their new implementations - a growing trend among the financial institutions.

3. All respondents were aware that integrating Stronger User Authentication, with Fraud Detection, and Risk-Based Transaction Authorization is the strongest form of defense against Online Identity Theft, MITM attacks and Financial Frauds. Clearly, there is increasing desire to take holistic approach to transactional security & fraud prevention.

4. "Integrated/holistic" approach to transactional security and fraud prevention/risk mitigation is clearly becoming a preference over "point" solutions.

5. Accordingly, preference for "stand-alone" 2FA is clearly declining with the availability of "integrated/holistic" solutions. Over 30% respondents now prefer integrated solution for their new implementations: fraud detection and risk based transaction authorization together with stronger user authentication, for transactional security and fraud prevention.

6. Operational risk, also called transactional risk, still do not attract enough importance in the financial institutions compared to credit and market risks. This however is changing with new regulatory guidelines, result of alarming increases in identity theft, and online financial frauds including external and internal frauds. Results clearly show that online security and surveillance is a business issue!

7. Financial crime surveillance slowly but surely is gaining ground.

8. Over 70% of banks still do not have dedicated budget for online security. Online security is still part of the IT budget.

9. Identity management and/or fraud prevention, and risk management, are the top two security agendas for 2008 for ME banks.

10. Awareness of the impact of online security incidents is still quite low. 75% of respondents were not well aware of online security incidents in their own bank.

ReadiMinds CEO Naren Nagpal commented, "It is not surprising that rapid economic and financial industry growth in Middle East has also resulted in significant increase in online financial frauds. ME is becoming attractive play-ground for international fraudsters too. Indeed there is increasing attention and both regulatory bodies and ME financial industry is trying to catch-up with the prevention methods; however it is obvious that more should be done on this front. Stronger regulatory framework for online transactional security & risk mitigation, and its faster industry adoption is the only way to contain identity theft & online financial frauds. Other countries have clearly shown the effectiveness of this process."