The biggest security problem facing online banking is that people, to paraphrase Mr. Spock, are highly illogical. The most convenient answer is to make them take ownership of their banking activities. That approach, however, will be a non-starter in the marketing and sales departments.
The counter-intuitive nature of customers is driven home by a study of online and mobile bankers in the United States and United Kingdom conducted by Accenture. The study, according to a report in Bank Systems & Technology, says 88 percent of respondents believe that bad habits such as sharing or improperly disposing of sensitive information lead to identity theft. It's good that they understand that. It's not so good that almost half say they've done this.
These folks also have short fuses. A quarter say that they would leave their bank if a breach occurred. Younger bankers -- age 18 to 34 -- are particularly volatile. The study says that these folks feel they should be able to put their sensitive data on the Internet and that it is the bank's responsibility to keep it safe. Forty-three percent would leave their institution immediately if security is compromised.
This is a feel-bad article at IT Security, at least from the perspective of banking executives, about the overall safety levels of their organizations. The piece covers a lot of ground. One executive points to end users as the biggest problem, while elsewhere the writer discusses the dangers of employees targeted by spear-phishing and other social-engineering attacks.
The writer says smaller institutions may skip annual security audits, which hardly seems like a great strategy for success. Bigger institutions also can lack the money and people power to adequately monitor access technologies and ensure that employee comply with policies. The writer lists some steps that can be taken, including educational programs and providing antivirus software to customers.
Banks and financial institutions certainly need to think about the security of mobile banking. Early this year, Opinion Research Corp. performed a survey that suggests customers -- particularly younger ones -- are becoming more comfortable with the process. The survey -- which was reported upon in an AP story posted at MytleBeachOnline.com -- found that 21 percent of customers between 18 and 34 years of age use their cell phones to bank. This compares to about 10 percent of the general population.
The story says that the Aite Group, a research firm, predicts that mobile banking grew from "a negliable number" at the end of 2006 to 1.7 million users at the end 2007. The number will rise to 8 million by the end of this year and more than quadruple -- to 35 million -- by 2010.
Though security is not directly addressed, CSOs and their staffs should find plenty of interesting material. The bottom line is that banks want to accelerate their mobile-banking initiatives during the next two years. The piece discusses some of the coming applications. Currently, mobile banking is limited to SMS, downloaded programs and the mobile Internet. One key challenge moving forward is to set interoperability standards. The end point, still three to five years away, is the use of a phone as a payment device in retail locations.
The key to not losing banking customers -- either the kids or older online bankers, who presumably have a bit more patience -- is to not suffer security breakdowns.
Monitoring employees is a big part of the effort, and eWEEK says it is one of the few areas in which spending is increasing. According to Gartner, that category -- known as e-discovery -- will grow from $52.45 million to $760.5 just between 2007 and this year. The category is described as use of computers to read employees' e-mails, listen to calls and analyze chat sessions. Scandals breed security upgrades and, in this case, it is doubly true: E-discovery is being pushed by corporate scandals, such as Adelphia and Enron and the subprime crisis this year.