Boston, MA
November 2005



This report studies the increasing loss of confidential consumer data from home computers and business sites.  It also evaluates the potential that this data may be used more effectively by criminals to launch attacks in the future.  This information is then put into context relative to current security products, current consumer concerns relative to Internet insecurity, and finds that the recent FDIC recommendations are excellent minimum requirements for brick and mortar banks but are insufficient for banks investing in the Internet channel to lower costs and to launch new strategic initiatives.

Tim Sloane, Director of the Debit Service for the Mercator Advisory Group and the author of this report, indicates that banks can increase trust and reduce risk by pushing protection out to the consumer’s home computer: “A home computer infected with spyware presents a serious risk when used to access financial information – regardless of authentication technology deployed.  By offering software to the home computer user that provides Internet protection, banks lower their risk and could establish a secure channel to the consumer.  Several ISP’s with less at risk than a bank have already taken this approach.” 

It is clear the consumer needs help.  Several recent studies indicate that spyware has caused damage to home computers measured in billions of dollars and the problems are so widely known by consumers that three different recent studies clearly indicate consumers are extremely concerned by performing financial transactions on the Internet.  If a bank is going to lower its costs by driving customers to online access to statements, checking and bill payment, then it must contend with growing consumer anxiety.

This report also investigates the risk created by the release of 51 million consumer records into the wild in just the first nine months of 2005.  The vast majority of these credentials are never used in an attack because the defense established by the banks require criminals implement expensive and time consuming processes to successfully utilize these credentials (new address, documents, etc).  While this remains an effective prevention today, we must remain vigilant against any criminals that may find a new way to leverage this data or better organize the mule networks already employed.  With the tremendous reservoir of consumer data that is in the wild, any small increase in the efficiency with which that data is used to attack the financial infrastructure could potentially create a huge increase in losses.

                               One of the 13 Exhibits included in this report


The report contains 40 pages and 13 Exhibits.

Members of Mercator Advisory Group have access to these reports as well as the upcoming research for the year ahead, presentations, analyst access and other membership benefits. Please visit us online at

For more information call Mercator Advisory Group’s main line: 781-419-1700 or send email to