Welcome to the Q2ebanking Blog

Introducing the Elephant in the Room - Online Banking Security

Posted by Jay McLaughlin on Tue, Apr 23, 2013 @ 09:04 AM

If your financial institution does not have risk and fraud concerns for the online banking channel then this blog series will not be of any assistance to you. Keep a look out the next few weeks for more information on security including the challenge, assessing security and being prepared. 

First off, if your financial institution’s reputation does not matter then I have some suggestions for you. To start, have your account holders create passwords that are easy to remember such as:

  • Children’s or pets names
  • Birthdays
  • Simple number sequences
  • Or have them attach sticky notes next to their computer with the password
15431424 s resized 600

In regard to challenge questions, encourage they make personal information readily available on social networking sites and click on any unverified links. Maybe they can also misguidedly download Trojans with funny names like ZeuS (not the Greek god), Tatanga (not a dance), or Oddjob (not a James Bond nemesis). Just remember when it comes to online risk and fraud, when it happens, your account holders will likely look to your institution for answers.

You see your very own account holder — too trusting, too frenzied, and sometimes too careless — is now the weakest link in the online banking process. Did you know that for every fifth person you know, one is infected?  Well at least their computer is. The Anti Phishing Working Group estimates that 17 percent of U.S. desktops are infected with some type of malware or password stealer. Microsoft recently proclaimed, "One out of every 14 programs downloaded is actually malware." Talk about going viral!

The bottom line is that you cannot rely on anyone’s computer or online device being secure. For your financial institution, this means you could be a passive bystander, not wishing to panic your accountholders, or a proactive watch guard of their transactions with a few effective changes and the right partner.

Choosing the right options for online account security comes at a critical time. The number of households that use online banking grew to 72.5 million and those utilizing electronic bill pay grew to 36.4 million, according to a recent consumer survey. Usage is up because this channel is now the most preferred way for accountholders to interact and transact with a financial institution. At the same time, people are busier than ever and struggle to keep track of difficult-to-recall user IDs and passwords while protecting themselves at all times. Fraudsters realize this and take advantage of the growing popularity of the echannel to set their traps to commit fraud.

The archetypal Depression-era bank thief, John Dillinger was well known for his sophisticated social engineering schemes, which ranged from posing as a bank-alarm system salesman to pretending to film a “bank robbery scene” in order to stake out potential bank marks. For his efforts, Dillinger swiped several hundred thousand dollars from 1933-1934.

Compare that to the faceless ZeuS – called the 'most dangerous Trojan virus ever created,' according to some experts. ZeuS Trojans attack through “men-in-the-browser” agents that grab variables from a browser session, such as during online banking transactions that they use to steal information, or worse.

Financial institutions may not be held accountable for any financial losses today, but their reputational loss has no such limitations. Online banking is so crucial that once an institution’s trust is compromised, accountholders have no reason to stay. Consumers are used to 24/7 online service and they expect 24/7 protection (even from themselves). Simply put, community banks and credit unions could and should do much more to protect accountholders as well as their financial institution’s own standing.

Now that you know all of this, what should be your next step? Stay tuned for the next blog posts to find out! 

Tags: online banking security, online fraud, antiphishing, bank fraud, financial fraud