Financial institutions are increasingly putting customer data at risk by relying too heavily on social security numbers for authentication, a report issued this week from Javelin Strategy & Research claimed.
Javelin's seventh annual Banking Identity Safety Scorecard found that overall fraud prevention by banks has worsened in the last several years. Javelin said that in 2009, 79 percent of FIs met the criteria the scorecard uses for prevention, detection and resolution, while only 54 percent did so in 2011.
The report stated that overuse of social security numbers for authentication is a major factor in this decrease. None of the FIs included in the scorecard prohibited the use of SSN for phone, mail or internet authentication, said Javelin.
"FIs need to end their drug-like dependency on using full or truncated SSNs for authentication purposes," said Phil Blank, Managing Director, Security, Risk, and Fraud at Javelin, in a prepared statement. "SSN has become a popular security question these days and is a commonly phished item by fraudsters. While a bank may think it is making a transaction more secure by asking for an SSN, it is actually compromising the value of this security question by continually asking for the same information."
Javelin forecasts that as the economy continues to face turbulent times, fraud incidents and costs associated with them will rise. While financial institutions are contending with constrained revenues and may be tempted to cut back on security, Javelin said banks should do the oppose and invest heavily in security. In fact, having robust security can result in lower costs to the institution and lower customer churn, the report found.