The Background section of this study describes how identity theft is perpetrated and the damage it can cause. The Use of Technology section begins by discussing fundamental flaws in Internet security and how the financial services industrys current reliance on passwords for remote access to banking applications offers an insufficient level of security. This information indicates that there are two major reasons why phishing and other types of attacks have been used more and more, and with growing success, to perpetrate identity theft, particularly account hijacking:
- User authentication by the financial services industry for remote customer access is insufficiently strong.
- The Internet lacks e-mail and Web site authentication.
After analyzing the information, the FDIC is of the opinion that financial institutions and government should consider a number of steps to reduce online fraud, including:
- Upgrading existing password-based single-factor customer authentication systems to two-factor authentication.
- Using scanning software to proactively identify and defend against phishing attacks. The further development and use of fraud detection software to identify account hijacking, similar to existing software that detects credit card fraud, could also help to reduce account hijacking.
- Strengthening educational programs to help consumers avoid online scams, such as phishing, that can lead to account hijacking and other forms of identity theft and take appropriate action to limit their liability.
- Placing a continuing emphasis on information sharing among the financial services industry, government, and technology providers.