British regulators demand more transparency from banks regarding phishing incidents
In a report to the House of Lords the Financial Services Authority (FSA) declared that phishing attempts have risen by 8,000 percent in the UK in the last two years. The FSA, a regulatory body for the financial sector, is concerned about the increase. While the number of successful frauds remain relatively low, the UK Payments Association, Apacs, has nevertheless seen a rise, from 312 cases between January and June 2005, to 5059 during the same period in 2006. Victims lost a total of 23.2 million pounds (34.4 million euros) during the first six months of 2006, although the number receded to 22.5 million pounds in the second half of the year, due to increased awareness and countermeasures.
Apacs reports that one bank in particular is a favourite for professional phishers. For discretionary reasons it was not revealed just which bank is involved, and the point was made that the bank in question does not necessarily have weaker security measures than other banks. Apacs, representative for the banking sector, has no plans to publish a list of banks whose customers have fallen victim to fraud. The payments association instead prefers to keep a lid on things: British media reports claim that Apacs is fighting against the publishing of security incidents, such as when an employee loses a laptop. The organisation feels that notices to customers, as is common practice in the USA in the face of similar incidents, would be overkill.
The FSA believes that online banking is fundamentally secure. Yet it complains about the lack of transparency, on the part of banks, when fraud has occurred and the customer has been made a victim. Cases are only grudgingly reported to the police, because there's no expectation that they will be investigated. The regulators are calling for openness and transparency to maintain trust in the banking system. Representatives of the FSA intend to meet with the Information Commissioner in coming weeks and discuss how best to resolve this problem.