Security Issues Are Eroding Trust in Online Banking, Survey Shows

Security fears created by such trends as the rise of phishing frauds are eroding consumer confidence in online banking, a recent survey reveals. Consumers also say banks should offer some form of strong authentication going beyond standard user name and password, though they are somewhat split on the specific technology they'd like to use. Some 52% of consumers say they are “somewhat” or “very much” less likely to sign up for or continue to use online services from their banks because of the proliferation of phishing, according to the survey, conducted in December and commissioned by RSA Security Inc., Bedford, Mass. That's up from 39% a year earlier and from 49% in a November 2004 survey. Likewise, 82% of respondents say they are somewhat or very much less likely to respond to e-mail messages from their banks. Phishing fraudsters use bogus e-mails to trick unwary online users into visiting spoofed sites where they are asked to enter PINs, passwords, and other sensitive information that can be used to loot their accounts. Five percent of respondents to the RSA survey said they had revealed information to fraudsters after receiving a phishing e-mail. Some 38% of respondents say they know what phishing is, down from 43% a year ago but up from 25% in 2004. But most recipients of phishing?63%–do not notify their banks when they receive the messages. Trends such as phishing have led to a push to bolster security for online channels with authentication methods that would introduce a second identity factor besides user name and password. This may be a felt need in the making among consumers who pay bills, check balances, and perform other banking tasks online. In the survey, 69% of consumers say they “prefer” or “strongly prefer” that their banks offer stronger authentication. And 91% say they are “very willing” or “somewhat willing” to use a stronger authentication tool when it became available. At the same time, some 61% say their banks do not currently offer authentication beyond user name and password. Among specific technologies, risk-based authentication garnered the most favorable response, with 74% favoring it. With this form of security, banks run checks on IP addresses and other available information to determine whether a user is logging in from an unusual location. If so, the bank may ask the user to answer verification questions either online or through a phone call. Tokens that attach to keychains and generate one-time passwords for use online?known as hardware tokens?won favor from 40% of respondents. Personalized images, used as a method to authenticate Web sites to users, gained a 56% favorable response. The online survey posed questions to 1,678 adults in eight countries, of whom about 200 responded, including respondents from the U.S. and the U.K. Previous surveys included responses from the U.S. only. All respondents have bank accounts, and just over three-quarters of the respondents use online banking. Conducted by Infosurv, the survey has a statistical accuracy of plus or minus 2.39% at the 95% confidence level.