Tighter Online Banking Guidelines Echo Consumer Concerns

October 2005

U.S. banks that offer online account access have gotten a hard shove toward more stringent security practices — a push that comes not a minute too soon for worried American consumers.

New guidelines released by the Federal Financial Institutions Examination Council (FFIEC) on 12 October call on banks to strengthen their single-factor authentication systems — generally based on a simple username/password combination — by adding a second form of authentication. The FFIEC guidelines, laid out in a document entitled "Authentication in an Internet Banking Environment," increase the pressure on financial institutions to make online banking and financial services more secure — even if, as many banks fear, the changes may also make authentication less convenient for Internet banking customers.

The Fed Weighs In

The FFIEC is an interagency council created to develop standards for government bodies to use in auditing financial institutions. Among the heavyweight government entities following FFIEC auditing standards are the Federal Reserve System and the Federal Deposit Insurance Corporation (FDIC).

Strictly speaking, banks are not legally obligated to follow the new guidelines, and the FFIEC document does not mandate a specific authentication technology. However, the guidelines do suggest technologies that banks might implement to beef up their current authentication schemes, including biometrics, tokens, and one-time passwords. And, in a pronouncement that gives the FFIEC guidelines much greater weight, representatives of the Federal Reserve have noted that financial institutions will be expected to measure up to the new auditing standards by the end of 2006 — and will be written up by examiners if they fail to comply.

Fearful Consumers Express Increasing Concern

The move by the FFIEC comes as researchers find new evidence that consumers fearful of identity theft have strong concerns about online banking — and are, in fact, significantly more worried about online delivery of financial services than about e-commerce in general. A June 2005 survey found 57.4% of online households extremely concerned about the risk of online banking, whereas only 48.4% had the same level of concern about purchasing products online (The Conference Board, TNS NFO, June 2005).

Other consumer surveys have found similar concerns. In a survey published in September 2005 by EDS and Ipsos Reid, 81 percent of US consumers cited identity theft as the main barrier to banking online. Other factors — each cited by more than half of those surveyed — included fear of fraud in general and the risk of account intrusion.

Threats to Online Banking According to US Consumers (as a percentage of respondents — data collected May 2005)

Identity theft — 81% Fraud — 59% Risk of network transaction and account intrusion attacks — 57% Insufficient encryption of sensitive data — 48% Phishing — 44% Insufficient data security policy and enforcement — 41%

Of survey respondents: 79% use online banking 21% do not use online banking 25% have household income of $100,000 or more

More Evidence of Falling Confidence

A survey of Internet users by Forrester Research found that concerns about data security (44 percent) and privacy (43 percent) were the top obstacles keeping people from banking online. In the same study, 34 percent of respondents expressed a preference for traditional branch banking — a preference that could prove costly for financial institutions looking to increase profit margins by cutting employee and infrastructural overhead.

A study from Informa Research Services gives another indication of consumers' diminishing confidence in the security of online financial transactions. According to the Informa study, the percentage of consumers who believe financial transactions conducted over the Internet are safe and secure has fallen from 70 percent in 2003 to 59 percent in 2005 — dropping back to within three points of the 2001 figure of 56 percent — meaning that two in five now think online banking may put them at risk.

Security Breaches Worsen Consumer Worries

Increased concern by consumers about online banking has only been made worse by a series of bank-related security breaches affecting such gargantuan financial institutions as Bank of America, Wells Fargo, and JP Morgan Chase — not to mention the CardSystems credit card data hack, which potentially compromised the personal data of as many as 40 million individuals. Against that sorry background, the FFIEC guidelines — despite the difficult choices they impose on U.S. financial institutions — may turn out to be a blessing in disguise. .

©2003-2010 Identity Theft 911, LLC. All rights reserved.

.
.