RSA Announces Findings of Annual Consumer Online Fraud Survey Consumers say ‘Username-&-Password’ must go: 91% of account-holders are willing to use stronger authentication methods offered by financial institutions
Trust in the online channel continues to drop: 52% are “less likely” to sign-up for or use online banking; 82% are “less likely to respond” to banking-related e-mails
BEDFORD, Mass.— RSA, The Security Division of EMC, (NYSE: EMC) today released the findings of its fourth annual Financial Institution Consumer Online Fraud Survey. Conducted in December 2006, the online survey1 asked 1,678 adults2 from eight countries3 around the world for their opinions on evolving fraud threats such as phishing, vishing and keylogging, and on the efforts of their financial institutions to strengthen remote channel banking authentication.
Key results of the survey include:
* 91% of account-holders answered that they are willing to start using a new authentication method, beyond the standard 'username-and-password', if their banks decided to offer stronger security
o 73% commented that they would like their financial institution to use risk-based authentication
* 69% of account-holders believe that financial institutions should replace username-and-password log-in with stronger authentication for online banking
* 58% of account-holders believe that financial institutions should deploy stronger authentication for telephone banking
* 82% of account-holders would like their banks to monitor online banking sessions and telephone banking sessions for signs of irregular activity or behavior - similar to the way that credit card transactions are monitored today
* While many financial institutions have begun moves to deploy stronger authentication over the past year, only 39% of account-holders are aware of it
* Less than 70% of respondents in the UK (69%) and in Australia (65%) claimed to be familiar with the term "phishing" - compared to 83% in the US
In addition, trust in the online channel continues to erode. 82% account-holders are less likely to respond to an e-mail from their bank due to scams including phishing - up from 79% in 2005 and 70% in 2004 - and more than half said that they would be less likely to sign-up for or use online banking as a result. In addition, 44% of account-holders reported that they have become increasingly concerned about other types of attacks (besides phishing), such as Trojans and keyloggers, over the past six months.
"2006 was an eventful year for financial institutions in terms of ramping up their online banking security. Our survey affirms that the market is moving in the right direction, with more than 90 percent of consumers now willing to use stronger security when it is deployed, and this is something that banks should take into consideration when looking to accelerate their business," said Christopher Young, vice president and general manager, Consumer Solutions at RSA. "We anticipate that 2007 will bring new steps forward in online banking security, albeit in the context of an evolving threat landscape that is driving the need for added protection in other remote channels - with a focus on telephone banking."
Account-holders want stronger authentication...
When asked for their views on online banking authentication, 69% of respondents answered that they feel banks should use something stronger than basic and static usernames-and-passwords; more than half (58%) want banks to ramp up telephone banking authentication as well. Moreover, 91% of account-holders responded that they would be willing to start using a new authentication method, beyond the standard username-and-password, if their bank decided to offer stronger security: 43% said they would be "very willing and would proactively sign up for the service," and another 48% said they were "somewhat willing and would sign-up if they had the time and it was a simple process."
... but opinions vary when it comes to the preferred method of authentication
When presented with several authentication options, including hardware tokens, personalized images, and risk-based authentication, the majority of respondents (73%) commented that they would like their financial institution to use risk-based authentication. Risk-based authentication involves a behind-the-scenes assessment of the user's identity based on factors including log-on location, IP address and transaction behavior - which can be supplemented with out-of-band phone calls or secret questions for transactions that are deemed high-risk. Risk-based authentication is designed to provide strong security with minimal impact on the user experience - a concept that resonated extremely well with the survey respondents.
Globally, 40% responded that they would like to use a hardware token for authentication. Account-holders in European and Asia-Pacific countries such as Spain, Germany, Singapore and India were the strongest advocates for this technology, with between 46-50% responding that they would like to use tokens.
- Approximately half of all respondents (49%) agreed that - assuming their bank decided to use tokens for online authentication - they would appreciate it if they could use the same token to log-in to other web sites, in addition to their online banking site. 56% responded that they would like to use a personalized image to authenticate the online banking site to the user; 53% felt that personalized images would provide them with an increased sense of security. A personalized image is selected by users and used to help verify that they are in fact on their bank's legitimate site and not a fraudulent one.
Most consumers unaware of additional security that may already be in place
Despite the fact that consumers want added security and are willing to use it, only 39% of account-holders answered that they were aware of their financial institution using some form of additional security (personalized images, risk-based authentication, one-time-password device). In fact, U.S. financial institutions faced a 2006 year-end deadline to start enhancing online security set by the Federal Financial Institutions Examination Council (FFIEC). According to a Gartner survey of 50 U.S. banks conducted in October and November 2006, two-thirds of U.S. banks are already compliant with the FFIEC's Guidance on Stronger Authentication in an Internet Banking Environment4 , in time to meet the 2006 year-end deadline. Moreover another 30% planned to achieve compliance in the six months after the survey was taken, or by May 20075.
Based on a survey conducted by the Aite Group, 92% of the top 10 retail brokerages and 12 of the top 50 U.S. banks have already selected vendors for user-authentication, fraud-detection and transaction-monitoring solutions, and approximately 50% of financial institutions are expected to have additional security measures in place by the end of 20076.
Young continued: "The consensus used to be that security is something that should be handled quietly - and that consumers trust their financial institution to keep their information and assets safe. However, as awareness of identity theft and online fraud grows, people want to feel reassured that they are in fact protected. Our experience shows us what our survey results affirm: educating consumers about new security measures in place, even if they are invisible to the consumer, is advisable and would be regarded positively by the bank's customers. While most consumers don't want to be burdened with security, they still would like to know they are secure, and as we can see, they are willing to embrace the technology."
Account-holders expect their banks to monitor remote channel banking activity
According to the survey, 82% of account-holders would like their banks to monitor online and telephone banking sessions for signs of irregular activity or behavior - similar to the way that credit card transactions are monitored today; 51% feel that banks should contact them if any suspicious activity is detected online; 48% felt the same for telephone banking as well. British account-holders felt the strongest in this regard with 93% claiming they would like their online banking monitored, compared to a figure of 70% in France.
Trust in the online channel continues to drop; concerns about evolving threats on the rise
As financial institutions work to accelerate their businesses by driving additional people online and introducing new online features and functionality, the survey results indicate that security must be addressed in order to maintain trust in the Internet and boost consumer confidence online. Four out of five account-holders expressed that, as a direct result of scams such as phishing, they are less likely to respond to an e-mail from their bank. In addition, more than half of the survey respondents (52%) said that they would be less likely to sign-up for or use online banking at all as a result of these scams.
The RSA surveys mentioned above were administered by Infosurv, an online market research company. For a full copy of the latest edition of the research, please email
![[email address]](http://www.managementparadise.com/forums/?emailimage=c1c243b4a6d45d2c81fb80618dc1f748)
.
1Overall: Statistical accuracy of +/- 2.39% at the 95% confidence level
2Survey profile: Adults with at least one bank account; most respondents bank online
3USA, UK, Germany, France, Spain, Australia, Singapore, India
4authentication_guidance.pdf" target="_blank">
http://www.ffiec.gov/pdf/authentication_guidance.pdf
5Gartner: FFIEC Guidance Drives Online U.S. Banking Security Upgrades, January 2007, Avivah Litan
6Aite Group: Online Banking and Brokerage Security: 12/31 and Beyond; October 2006.............
Keep Posting...........
take care
Regards,
Priyanka
ONLINE FRAUD IN BANKS SURVEY -
May 2nd, 2007
![BMS MBA Helper[/url]](http://www.managementparadise.com/forums/images/reputation/reputation_pos.gif)
Linear Mode
