Fears of identity theft have left increasing numbers of consumers wary of banking online, according to a survey released by Entrust, an Internet security firm.
The report, presented in New York Tuesday at a forum on identity theft claimed that 18 percent of Americans who have banked online now do so less, or not at all, due to security concerns.
The survey -- based on data collected from 710 people during the week of October 17 -- found that roughly one-third of respondents have doubts about the legitimacy of the banking Web sites they regularly visit, fearing that they may be phony sites set up by criminals.
Not surprisingly, nearly all respondents, 94 percent, said they would be willing to use additional security measures such as stronger authentication methods.
A Compounding Problem
Jonathan Penn, an analyst at Forrester Research, said consumers should be concerned. Although it only accounts for 10 percent of all identity theft, he said, online identity theft is growing faster than any other type.
The problem, according to Penn, is that banks only focus on direct losses at their respective institutions.
"They do not look at the losses to a consumer arising from rectifying any bad charges if there's related credit-card fraud and especially the losses attributable to cleaning up [a consumer's] credit standing," Penn said.
To address the trend, the Federal Financial Institutions Examination Council (FFIEC) recently issued an updated guidance to its 2001 paper, "Authentication in an Electronic Banking Environment."
The interagency body -- whose members represent the Federal Reserve, the Federal Deposit Insurance Corporation (FDIC), and the National Credit Union Administration, among others -- is requiring financial institutions to provide several layers of identity verification before granting consumers access to their online accounts by the end of 2006.
Security analysts are in general consensus that the financial community is in the vanguard in terms of online security. Some 53 million consumers in the U.S. pay bills, check their balances, and conduct other banking transactions online.
But in the wake of several high-profile cases of identity theft, consumers are jittery, analysts said, despite the fact that 90 percent of ID theft occurs offline.
The Federal Trade Commission estimates that around 10 million Americans are the victims of ID theft each year.
However, none of those cases was the direct result of an online banking breach, said Rob Ayoub, a Frost & Sullivan analyst. Rather, he said, the problem lies with vendors and other third parties.
"There is some overreaction," said Ayoub. "It has a lot to do with education. The biggest problem we have right now is mostly consumer and user education."
ABCs of Online Banking
Most Internet identity theft occurs because consumers frequently are more trusting online than they would be face-to-face, Ayoub said. People are "giving away too much personal information," Ayoub said, "using the same password on all their accounts or having a password that is too easy to guess."
He said that banks should embark on a campaign to educate customers about the risks of online banking as well as provide steps to make online ID theft less of a threat.
"Why aren't the banks explaining the rules of the game in online banking?" Ayoub said. "Why don't they have flash screens at ATMs on the safety of their technology and steps for using it properly?"
Graham Cluley, a security analyst at Sophos, agreed that consumers need to be better educated, and said that a little caution is a good thing because it "reminds people to take care online."
Banks are as concerned as customers about online security, Cluley said, and constantly are exploring technologies to protect consumers. He pointed to cases in which banks have given customers authentication tokens, so that "even if their passwords and PINs get stolen by spyware, hackers will not be able to gain access to their accounts."
However, Cluley said, even with banks taking positive actions to reduce consumer fears, ultimately it is up to individuals to protect themselves by running up-to-date antivirus, antispam, and antispyware software, and by taking advantage of properly configured firewalls and security patches.
"If users and businesses take proper care over their computers, and act sensibly, then they should be able to reap the advantages of online banking without compromising their security," Cluley said.