India's First Online Security Survey Results Announced by ReadiMinds
"State of Online Security in Financial Institutions in India - 2008"

We are pleased to announce the results of our maiden online security survey titled "State of Online Security in Financial Institutions in India - 2008". This is arguably India's first such survey. Survey* respondents represented cross section of India's top 40 banks. The study primarily focused on the issues pertaining to online identity theft and online financial frauds.

Key findings of this survey are:

• 30% of banks reported to have been victims of identity theft/phishing during the last one year.
• Man-in-the-middle attack has reached Indian shores - 10% of banks were victims of it during the last one year.
• For Stronger User Authentication: software based two-factor authentication [2FA] methods, namely phone factor or device fingerprinting, are gaining increasing popularity over traditional methods, because of lower cost and user convenience..
• All respondents were aware that integrating Stronger User Authentication, with Fraud Detection, and Risk-Based Transaction Authorization is the strongest form of defense against Online Identity Theft, MITM attacks and Financial Frauds. Clearly, there is increasing desire to take “integrated/holistic” approach to transactional security & fraud prevention.
• "Integrated/holistic" approach to transactional security and fraud prevention/risk mitigation is clearly becoming a preference over "point" solutions.
• Accordingly, preference for "stand-alone" 2FA is clearly declining with the availability of "integrated/holistic" solutions. Over 40% respondents now prefer “integrated” solution for their new implementations: fraud detection and risk based transaction authorization together with stronger user authentication, for transactional security and fraud prevention.
• Operational risk, also called transactional risk, still do not attract enough importance in the financial institutions compared to credit and market risks. This however is changing with new regulatory guidelines, result of alarming increases in identity theft, and online financial frauds including external and internal frauds. Results clearly show that online security and surveillance is a business issue!
• Financial crime surveillance slowly but surely is gaining ground.
• Online Security is a business issue! There seems to be a strong link between the business performance of a financial institution and the online security measures implemented by it. Over 70% of banks that reported to have implemented stronger security, also regularly deliver better business performance compared to their peer group.
• Over 57% of banks still do not have a dedicated budget for online security. Online security is still part of the IT budget.
• Over 40% of respondent banks do not have any formal plan in place for creating customer awareness against online identity theft and financial frauds.
• Naren Nagpal, CEO of ReadiMinds commented, “It is not surprising that rapid economic and financial industry growth in India has also resulted in significant increase in online financial frauds. India is becoming attractive play-ground for international fraudsters too. Indeed there is increasing attention and both regulatory bodies and Indian financial industry is trying to catch-up with the prevention methods; however it is obvious that more should be done on this front. Stronger regulatory framework for online transactional security & risk mitigation, and its faster industry adoption is the only way to contain identity theft & online financial frauds. Other countries have clearly shown the effectiveness of this process.”

*Note: ReadiMinds conducted this survey during the month of April, 2008, and released the analysis in two phases in May and July, 2008.

Contact for more information, or interview: