Online bankers lose trust in email
/v3-uk/news/1953629/online-bankers-lose-trust-email
17 Mar 2006, Iain Thomson , V3
Nearly four out of five online banking customers now ignore emails that purport to be from their bank, according to data commissioned by RSA Security.
The annual study, conducted by market researchers Infosurv, found that a lack of trust in such emails had risen from 70 per cent in 2004 to 79 per cent.
Nearly two thirds of those questioned had not seen any drop in the number of phishing emails they received.
The research also found that people want to have their online banking monitored. Nearly nine out of 10 people said that they would be happy to be monitored while online, and 59 per cent felt that their bank should contact them if it suspects suspicious activity on their accounts.
Chris Young, senior vice president and general manager of RSA Cyota Consumer Solutions, said: "It is important to preserve the speed, simplicity, ease of use and convenience of the online banking channel.
"Consumers seem to feel comfortable with the notion of their financial institution monitoring their online activity and contacting them when something suspicious is detected, just as they have become accustomed to in the credit card space."
Although the banking community has been making noises about introducing stronger identity management systems, early progress has been slow and the survey shows little support for some products.
Fewer than half of those questioned felt comfortable using a hardware token to access their accounts, although nearly three quarters want some form of stronger security.
Do you agree?
Secure Online Banking
I have long been banging the drum for a common banking system the same as or similar to that used by Cahoot, part of Abbey National.With so much understandable apprehension among the Internet banking community, and continual indecision among the banking organisations about the best system to use - the latest seems to be in trial form of a user device that generates seemingly random card numbers related to the user's own card - but the public seem not too keen on this either.
Cahoot have long employed their WebCard, which when a user is online making a purchase, he/she can call up and have a random set of card details produced after first providing their Cahoot user name and password. Not only are the card details a one-off, but the user can limit the amount to that of the purchase, so that even if the details were hijacked, there would be no value in it for the hijacker.
I cannot think of a better form of online banking security. Add to this the option to have Cahoot e-mail the customer when a transaction exceeds his pre-determined amount (either paid in or out), and another e-mail when the account goes below a pre-determined level and you have a security package that, if not perfect (and nothing ever will be anyway)is as good as can be.
I have no Cahoot axe to grind, but am simply convinced that this is the way for other online banks to follow.
Bill Munns
Posted by Bill Munns, 23 Mar 2006
Plain Vanilla
The banks need to wake up and stop sending email with clickable links. Plain text with unclickable addresses is the way to go. If you can't click, you can't be phished by today's social engineering techniques. (Maybe by tomorrow's but that's another problem to face when it arises).
Posted by Howard Mirkin, 23 Mar 2006