Friday, March 7, 2008

The FDIC Computer Intrusion Report

Last week, Security Fix featured the highlights from a non-public report by the Federal Deposit Insurance Corp. (FDIC) that examined a huge recent spike in the cost of computer intrusions for banks and consumers. I chose not to publish the report itself at the time, but due in part to the large number of requests I've received from people inside the financial sector who claim to have never seen such figures from the government before, I've decided to release a slightly redacted version of it (the original version contained a number of case studies that included potentially sensitive data about ongoing law enforcement investigations).

FDIC Division of Supervision and Consumer Protection: Cyber Fraud and Financial Crime Report, November 9, 2007 (as of June 30, 2007) (Doc). For those who don't have Microsoft Word, a less attractive HTML version of the report is available here.

I should note that while the report centers on cyber fraud, there are other aspects of bank fraud detailed in this report that may be of interest for reporters or fraud analysts in other sectors. For example, the study includes data showing a sizable increase in new account fraud using completely fabricated identities, which are turn used for check kiting and fraud "bustout" fraud schemes. Also, the report includes recent figures on mortgage fraud rates. [...]

Read more ...
Brian Krebs on Computer Security. The Washington Post Company.

No comments: