But the fledgling industry as a whole has adopted divergent approaches to combating the problem, and there are signs that federal regulators could soon step in and mandate specific technologies. As a result, many banks have put off adopting the new services until the market matures. In the meantime, some security experts say, a few banks are resorting to hacker-like tactics in their own defense.
Only a fraction of the roughly 9,000 financial institutions nationwide have been targeted by phishers, but that ratio is changing for the worse each day. To date, online con artists have impersonated more than 150 banks, yet only about a third of those targets have deployed commercial protective technologies, said David Jevans, chair of the Anti-Phishing Working Group, a coalition of banks and technology companies.
The anti-phishing market is so young that there is little public analyst information about how much banks are spending on the new technologies. The annual sales for each of the companies contacted for this story varied widely, ranging from less than $1 million to $20 million. But several companies only began selling their services in mid-2004, and nearly all said they expected business to double in 2005 as attackers begin targeting other industries.
Presto Vivace is guessing that this is an under reported crime.