Better web banking security demanded

Almost 90 percent of U.S. bank account holders would like their financial service providers to monitor online banking sessions for signs of irregular activity in the way they currently scrutinize credit card transactions, recently released research has found.

The poll, conducted by IT security firm RSA Security, also revealed that nearly 60 percent of adults would like their banks to contact them when something suspicious is detected.

Almost three-quarters of U.S. bank customers believe that username-and-password login security is inadequate and that financial institutions should replace such systems with stronger authentication for online banking, according to the RSA annual Financial Institution Consumer Online Fraud Survey.

In addition the poll found that 79 percent of account-holders are less likely to respond to an email from their banks due to scams including phishing; this was up from 70 percent in the 2004 survey.

Some 65 percent of account holders reported seeing either "a slight increase" or "no change" in the amount of phishing emails they received in 2005. The RSA Cyota Anti-Fraud Command Center (AFCC), which scans over 1 billion emails a day backed up this assertion: The number of phishing attacks it monitors has remained close to 2,500 to 3,300 attacks per month for the last eight months, with only a small increase each month.

"It is important to preserve the speed, simplicity, ease of use and convenience of the online banking channel. Consumers seem to feel comfortable with the notion of their financial institution monitoring their online activity and contacting them when something suspicious is detected, just as they've become accustomed to for years in the credit card space," said Chris Young, senior vice president and general manager of RSA Cyota Consumer Solutions.

When presented with several options, including hardware tokens, watermarks for mutual authentication and risk-based authentication, the majority of respondents (74 percent) selected risk-based authentication as their preferred method. Risk-based authentication involves a behind-the-scenes assessment of the user's identity based on factors including logon location, IP address and transaction behavior - which can be supplemented with out-of-band phone calls or secret questions for high-risk transactions.

The survey also showed that account-holders are looking to their banks and internet service providers (ISPs) to protect them from phishing: 45 percent of account holders feel that an ISP blocking service for phishing would be effective and 68 percent would like their ISP to offer such a service.

Conducted in November 2005, the online survey asked 402 U.S. adults for their opinions on online banking authentication and email fraud, such as phishing.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.