By Dan Ilett, 23 January 2006 16:35
NEWS
The government financial services watchdog has hit out at consumers for failing to bank "responsibly" on the internet - and said banks must do more to help them learn safer online banking habits.
The remarks come as research from the Financial Services Authority (FSA) found consumer confidence in online banking is "fragile".
Philip Robinson, financial crime expert at the FSA, said in a statement: "Most consumers recognise they have some responsibility for security but they are not necessarily following this obligation through.
Robinson said: "To tackle the losses associated with fraud, banks should continue to drive security and this must include educating consumers on the importance of protecting themselves."
Half of the 1500 respondents surveyed by the FSA said they were "very" or "extremely" concerned about the potential fraud that could occur through an online transaction.
Most respondents who bank online said they had installed some security software on their computers but more than a quarter could not say when they last updated it.
Robinson added: "Banks need to look carefully at consumer attitudes and whether their initiatives are effective in maintaining confidence."
According to Apacs, the UK Payment Association, fraud losses through internet banking totalled £14.5m in the first half of 2005.
The FSA added that if banks moved the liability of fraud loss to the consumer, more than three-quarters (77 per cent) of users said they would abandon internet banking.
Nearly all users (95 per cent) surveyed said at least some security responsibility should lie with the bank, while 45 per cent said banks should take sole responsibility.
Comments
There are 5 comments. Join the discussion
1. anonymous
I don't think that banks themselves take the subject as seriously as they should. My major bank's passwords only accept basic numbers or letters - no special characters are allowed; how simplistic is that?
2. Graham Coles
I think the fact they are using passwords says it all - these are trivial to compromise with a man in the middle attack.
In the rush to use web access, banks are presumably relying on users to manually verify the ssl certificate of the banking site - like that's going to happen!
Perhaps instead of attempting to use two factor authentication with simple token generators they should provide smart card readers with a simple pin pad. This would be a lot harder to fool, even if the pc has been taken over. But then we are talking about 21st century banks that still require a 3 day clearance on cash transactions!
3. Simon
It's about time the banks woke up and started following their own advice. They keep warning about phishing attacks - but then they send out marketing blurb by email, and tell you to click on the links !
It's about time they got together and agreed a standard for some sort of token key. It's got to be common between them (I don't want a pile of different tokens), and it's got to be cross-platform compatible (Internet Exploder and Windoze not used here thank you !)
4. anonymous
We all agree that security authetification has to be upgraded (2 factors, token, ...)
It thing the main issue is how can we integrate security management in the concept on service oriented architecture (SOA) and the perspective of Identity management which include strong authentification. Legacy system can't be removed so easely and user have acess with different right to different platform. I can we convience canadian bank of the benefit of this approach if theire is non pression from the consumer, no specific laws/audit or quick ROI?
5. Benjamin M
Banks don't have to drive home safety...all Banks now have Deposit Agreements and Disclosures that Indemnify the Bank and it's employees and agents and third party services against all losses. Only the customer takes the loss. banks only liable for negligence or willful misconduct and how can you prove that....