Ask the Expert

How secure is online banking today?

Do you consider online banking in its current state to be secure? In your experience, what are the biggest mistakes that financial services providers -- and their customers -- make that expose them to security risks?

    Requires Free Membership to View

If you ask, "Is online banking in its current state secure enough?", then the answer is a qualified "Yes." While some banking customers have been defrauded through online channels, the extent of such problems is not enough to offset the advantages offered by online banking. (Just think of the number of miles of driving that online banking saves, thereby reducing the chance of a banking-related car accident!)

The fact is that most banks take the security of their online services seriously, realizing correctly that a significant percentage of customers are not going to use such services if the banks have a reputation for being unsafe. Banks also save a lot of money by offering online services, allowing them to afford security enhancements, such as the SiteKey implemented by Bank of America. Many smaller banks now offer similar authentication systems.

One of the biggest mistake banks have made is in not ensuring that enough people are Internet-savvy. Customers must recognize that the avoidable risks of online banking reside, namely, in email scams and phishing attacks.

Some banks, however, are making an effort to educate customers. At a small regional bank I visited recently, there is an interesting notice on the subject, readable by anyone who waits at the drive-thru. The notice lists the tell-tale signs of the major Internet scams, like a phony request for a deposit, overseas payment via Western Union and so on. I commend the bank on this educational initiative. Banks need to stop being nervous about the minimal risks customers face online, even though the threat does exist. Banks should be more proactive in educating their consumer base, because such scams undermine the benefits of online commerce for everyone, regardless of whether that risk is directly related to a bank's actions or not.

The other big mistake that financial service providers make is the failure to pressure email providers into implementing universally trusted email. The technology to do this has existed for at least five years, but petty proprietary wrangling among vendors has repeatedly killed efforts to implement simple email changes that would cut out most spam and phishing. Banks and other financial service providers need to realize that many risks of online activity could be removed almost overnight by responsible cooperation between the likes of Microsoft, Comcast, AOL, AT&T, Roadrunner, Yahoo and Google.

Bill Gates relied on hopelessly optimistic estimates by his analysts when, in January 2004, he said that spam would be solved within two years. In all its forms, including phishing, spam continues to inflict costs that arguably exceed $100 billion a year in the U.S. alone. But Gates was right when he said it could be solved. All we need is less greed, more collective corporate goodwill, and maybe some good old-fashioned bullying from financial service providers.

More information:

  • Senior News Writer Bill Brenner asks Panda Security's Gary Leibowitz how its offerings have catered to the online banking sector.
  • Visit SearchFinancialSecurity.com for more news and expert advice on online banking.
  • This was first published in March 2008

    There are Comments. Add yours.

     
    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to: