More than nine out of ten (91 per cent) bank account holders are willing to use new authentication methods that go beyond the standard 'username-and-password', if their banks decided to offer stronger security, according to vendor RSA.
In addition, trust in the online channel continues to erode. Some 82 per cent of account holders are less likely to respond to an email from their bank due to scams including phishing – up from 79 per cent in 2005 and 70 per cent in 2004 – and more than half say they are less likely to sign-up for or use online banking as a result.
In addition, 44 per cent of account holders said they have become increasingly concerned about other types of attacks (besides phishing), such as Trojans and keyloggers, over the past six months.
'2006 was an eventful year for financial institutions in terms of ramping up their online banking security. Banks should take these findings into consideration when looking to accelerate their business,' said Christopher Young, vice president and general manager, Consumer Solutions at RSA.
When presented with several authentication options, including hardware tokens, personalised images, and risk-based authentication, the majority of respondents (73 per cent) commented that they would like their financial institution to use risk-based authentication.
Risk-based authentication involves a behind the scenes assessment of the user’s identity based on factors including log-on location, IP address and transaction behavior – which can be supplemented with out-of-band phone calls or secret questions for transactions that are deemed high-risk.
Risk-based authentication is designed to provide strong security with minimal impact on the user experience – a concept that resonated extremely well with the survey respondents.
Globally, 40 per cent responded that they would like to use a hardware token for authentication. Account holders in European and Asia Pacific countries such as Spain, Germany, Singapore and India were the strongest advocates for this technology, with between 46 to 50 per cent saying they would like to use tokens.
'The consensus used to be that security is something that should be handled quietly – and that consumers trust their financial institution to keep their information and assets safe,' said Young. 'Our experience shows us what our survey results affirm: educating consumers about new security measures in place, even if they are invisible to the consumer, is advisable and would be regarded positively by the bank’s customers.'
What do you think? Email us at feedback@computing.co.uk
Further Reading:
Alliance and Leicester launch two-factor authentication
reader comments