RSA, the security division of
EMC, has
released the findings of its fourth annual
Financial Institution Consumer Online Fraud
Survey, and the results show that customers want stronger
online security methods.
The survey questioned 1,678 adults from eight countries about
their opinions on fraud threats such as phishing and keylogging,
and on the efforts of their financial institutions to strengthen
remote banking authentication.
The results showed that 91% of account-holders are willing to
start using a new authentication method, beyond the standard
username-and-password format, if their banks decided to offer
stronger security.
In addtion, 73% said they would like their financial institution
to use risk-based authentication, and 69% of account-holders
believe that financial institutions should replace
username-and-password log-ins with stronger authentication for
online banking.
Also, 58% of account-holders believed that financial institutions
should deploy stronger authentication for telephone banking, and
82% wanted their banks to monitor online banking sessions and
telephone banking sessions for signs of irregular activity or
behaviour - similar to the way that credit card transactions are
monitored today.
Less than 70% of respondents in the UK (69%) and in Australia
(65%) claimed to be familiar with the term phishing, compared to
83% in the US.
The survey showed that trust in the online channel continued to
erode, with 82% less likely to respond to an e-mail from their bank
due to scams including phishing - up from 79% in 2005 and 70% in
2004.
More than half said that they would be less likely to sign-up
for or use online banking as a result. In addition, 44% of
account-holders reported that they have become increasingly
concerned about other types of attacks, such as Trojans and
keyloggers, over the past six months.
When presented with several new authentication options,
including hardware tokens, personalised images, and risk-based
authentication, the majority of respondents (73%) said they would
like their financial institution to use risk-based
authentication.
Risk-based authentication involves a behind-the-scenes
assessment of the user's identity based on factors including log-on
location, IP address and transaction behaviour - which can be
supplemented with phone calls to the customer or secret online
questions for transactions that are deemed high-risk.
Globally, 40% said they would like to use a hardware token for
authentication. Account-holders in European and Asia-Pacific
countries such as Spain, Germany, Singapore and India were the
strongest advocates for this technology, with between 46-50% saying
they would like to use tokens.
Also, 56% said they would like to use a personalised image to
authenticate online banking sites. A personalised image is selected
by users and used to help verify that they are in fact on their
bank's legitimate site and not a fraudulent one.
Check service established for stolen IDs
Mobile banking to be targeted by
fraudsters
Comment on this article:
computer.weekly@rbi.co.uk