Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:15 PM
Connect Directly

Protecting Customer Data Is Small Banks’ Top Tech Concern

Despite the credit crisis, community banks' spending on security will rise as hackers increasingly target small banks.

Securing customer data will be the top technology focus of community banks in the coming years, according to a survey released in October by the Independent Community Bankers of America. Security displaced concern with containing the cost of technology, which dominated ICBA's 2006 survey.

And community banks are putting their money where their mouths are, with more than half of respondents reporting that their institutions will increase spending on fraud detection and security systems. They were not asked about the amounts they will spend.

As for the technology issues they are grappling with now, the top three items cited by the 1,300 community banks that participated in the study were risk management (81 percent), protecting data and infrastructure (74 percent), and adding value to the organization (52 percent). Asked about their concerns over a two-year horizon, however, an emphatic 81 percent rated the security of customer data as the top priority, followed by keeping up with emerging technology (66 percent) and keeping IT systems available (63 percent). The comparative replies in 2006 were keeping technology affordable (64 percent), system security (60 percent), and, jointly, data security and keeping up-to-date on technology (55 percent).

"There's a real difference between the 2006 and 2008 results," observes Cary Whaley, director of payments and technology policy with ICBA. Although the Washington, D.C.-based association made a couple of minor changes to the wording of this year's questions, which might have slightly elevated data security as a response, according to Whaley, "There's definitely an increase in concern about security," he says, adding, "A customer data breach is a reputational risk."

Interestingly, among survey respondents the smallest banks voiced the most anxiety over data security: 85 percent of those with less than $100 million in assets ranked identity theft as their top concern, compared with 69 percent of those in the top bracket surveyed, banks with more than $500 million in assets. The current consensus definition of a community bank is one with $3 billion in assets or less, although ICBA's almost 5,000 members have assets ranging from $2 million to $15 billion. It polled 8,258 banks.

Hackers Targeting Small Banks?

According to Richard Winston, an Irving, Texas-based senior executive with Accenture, it's likely that community banks are under a new level of attack. "The perception is that they won't have the most sophisticated security," he explains.

Indeed, there have been some indications lately that criminals increasingly may be targeting community banks. This past summer, BS&T chanced upon warnings on the home pages of several small banks alerting their customers to phishing attempts directed at them. One New England bank that was targeted had less than $500 million in assets. Another, which is based in the South and has $2 billion in assets, was among many targeted through their service bureau, Calabasas, Calif.-based Digital Insight.

An executive with the Southern bank who spoke on the condition of anonymity, however, rebuffed the suggestion that hackers may be focusing on community banks, noting that "Many of Digital Insight's customers are large banks." A Digital Insight spokesman said the July 17 scattershot e-mails claiming to be from Digital Insight were shut down within hours and that "There were no data breaches" resulting from the phishing scheme.

Still, ICBA's Whaley acknowledges that "It's possible community banks are being targeted more because they are seen as weaker links in the chain." He notes that early phishing attempts were directed at the biggest banks. "With thieves," he says, "when one door closes -- whether it's BofA, Wells or whatever -- they are going to try every other door."

The financial crisis hasn't diminished community banks' resolve to secure their doors, Whaley adds. ICBA respondents were polled in June, but Whaley informally confirmed their commitment to spend on data security technology as recently as Halloween. Speaking at a regional clearinghouse event, at Columbus, Ohio-based Payments Central, Whaley asked audience members for a show of hands: Would they now cut data security spending? Of 50 or so attendees, "None of them are considering reducing their data security," he relates. "Most are increasing it, and the looks I got said, 'This is one of the most absurd things you could ask!' "

Full results of the ICBA surveys can be viewed at

Read more from BS&T's
Special Report: Data Security

Best Practices on Data Breaches

Fighting Fraud With Texts

Fraud Hits Too Close to Home

Comment  | 
Print  | 
More Insights
Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.