Internet banks scolded for poor service

Banks have been warned to think through their internet ventures more carefully to ensure first day glitches and potential security breaches don't harm their reputations.

Howard Davies, chairman of independent regulatory body the Financial Services Authority (FSA), said online banks should review their internal security procedures to ensure effective damage limitation should hackers find a way past their perimeter security, and make sure they have sufficient IT infrastructure in place to avoid embarrassing, reputation-damaging website crashes.

The FSA report, based on conversations and visits with "all the major internet banks", said that when it comes to security the banks have found little evidence of material success for hackers, but that internal defences must be toughened up.

"While banks tend to have reasonable perimeter security, we have sometimes found insufficient segregation between internal systems and poor internal security," said Davies. "We are encouraging banks to look at the firewalls between their different systems to ensure adequate damage limitation should an external breach occur."

IT glitches are another worry. Cahoot, Abbey National's e-venture, became the latest online bank to experience technical difficulties on its first day. Its website collapsed at 10am, spluttered sporadically into life in the afternoon and didn't run smoothly until 24 hours later.

While Cahoot's managing director Tim Murley conceded it to have been "extremely embarrassing", one week later and with a claimed 10,000 new accounts, the talk is of consumers tolerating any technical teething problems and remaining confident in the service. The FSA, however, believes failures stick in the mind of prospective customers.

"It is enormously difficult in the internet environment to predict and manage the volume of customers you will obtain," said Davies. "Many banks going online have significantly misjudged volumes, usually making estimates that turn out to be too cautious. When a bank has inadequate systems to cope with demand, there may be both financial and reputational damage and even compromises in security."

The problem was summarised at the recent Banking and Finance ebusiness conference, when one banking executive said: "You don't know what a million customers will do, or when they are going to do it." Hence, the functionality of websites must be the overriding priority.