Page last updated at 09:33 GMT, Tuesday, 13 November 2007

Fears over online banking checks

By Mark Ward
Technology Correspondent, BBC News website

Briefcase full of cash, BBC/Corbis
Fraudsters are keen to get at online bank passwords

Complicated security checks could be undermining confidence in online banking, warn experts.

Security extras such as number fobs, card readers and password checks might make consumers more wary of net bank websites, they fear.

The warning comes as research shows how phishing gangs are targeting attempts to grab customer login details.

But the UK body overseeing net banking says figures show criminals are getting away with less from online accounts.

Security check

In a bid to beat the bad guys many banks have added extra security checks to the login name and password typically used to get access to an account.

Some, such as Lloyds, have trialled number generating key fobs and Barclays is trialling chip and pin card readers. Others have tried systems that check a customer's PC and then ask that person to select which image they chose from a set they were shown previously.

But, said Garry Sidaway from ID and authentication firm Tricipher, all these checks could be making consumer more nervous about using online banking.

"The banks have to make this channel secure," he said, "but there is crumbling confidence in it."

Computer keyboard, Eyewire
Many phishing gangs try to install key loggers to grab data
Andrew Moloney, financial services market director for RSA Security, said banks were well aware that their efforts to shore up security around online banking could have a downside

"It registers as a concern," he said, "there could be too much security and there's a danger of over-selling a new technology."

"This is not just about combating fraud," he added. "It's about customer retention rates, user experience and customer satisfaction."

The misgivings about beefed up security around online banking come as the UK government's Get Safe Online campaign issues a survey which shows the risks people are taking with login details.

These lax practices could prove costly as cyber fraudsters gradually shift their attention to Europe following moves in the US to combat phishing.

In late 2005 the US Federal Financial Institutions Examination Council (FFIEC) issued guidelines which forced banks to do more to protect online accounts.

Phishing statistics show a rapid move by the fraudsters to European banks and, said Mr Moloney, to smaller European banks using less protection.

Lists of phishing targets gathered by security companies show a huge shift away from big bank brands such as Citibank and Bank of America to Sparkasse, VolksBank and many others.

A spokeswoman for the Association for Payment and Clearing Services (Apacs) which oversees online banking said its figures showed that the message about safe banking was getting through.

Statistics released in October indicated that online banking fraud (including phishing) for the first six months of 2007 was down 67% over the previous year.

During the same time period the number of phishing attacks rose by 42%.

"The reason we are seeing that fall, despite the increase in phishing attacks, is because consumers are becoming more aware of how to protect themselves," said the spokeswoman.

"But," she added, "what we are still seeing happening is people falling foul of phishing attacks."

The spokeswoman urged people to be careful with login details to bank accounts and exercise caution when using e-mail and the web.

Print Sponsor

Social networkers warned of risk
12 Nov 07 |  Technology
Anger at ministers' e-crime reply
30 Oct 07 |  UK Politics
Fraudsters 'phish' for bank info
19 Oct 07 |  Glasgow, Lanarkshire and West
Surge in credit card fraud abroad
03 Oct 07 |  Business
Bank issues net security device
02 Oct 07 |  Business
Many net users 'not safety-aware'
25 Mar 07 |  Technology
Online banking fraud 'up 8,000%'
13 Dec 06 |  UK Politics

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific