Online fraud is not a big business risk for your major banking operation. It's the biggest. It's your most perplexing business challenge, too. How do you solve problems that mostly originate outside of your highly secure system? How do you introduce security enhancements without frustrating—and losing—customers?

If you're waiting for the perfect anti-fraud system, stop. Battling online fraud is a game of cat and mouse, says Eric Greenberg, chief technical officer of NetFrameworks, a Web security consultancy in McLean, Va. Reinvent your mousetrap as often as the phishers, pharmers and other online fraudsters change their schemes.

Tackle the challenge with business intelligence, technology and good old-fashioned marketing. A security consultant will help your analysts map out an implementation strategy that balances improvements with customer education. Part of that strategy will be a pilot program of customers using secure-authentication tokens—palm-sized devices that randomly generate an on-the-go password.

Help your customers by pushing software services that will better protect them. Premium spam software, for example, can be offered as a free download, with costs easily underwritten by you. Invest in a monthly fraud-detection service that tracks suspicious Web traffic and domain registrations. And consider requiring an extra password for money transfers or payments above a certain amount.

Work directly with your customers, promoting security awareness and services on their end, and educating them on the new hoops they will have to jump through on your end.

"You really need to challenge the consumer," says Gregg Mastores, senior security analyst at spam software specialist Sophos Inc. "A lot of people are starting to think the long-term viability of Web transactions may be at stake."

To read the details behind this planner and fill in your own numbers, buy the spreadsheet.