According to Forrester Research (Nasdaq: FORR), even though most UK Net users ¿ and particularly those who use Internet banking ¿ are aware of security threats like phishing and keystroke logging, most aren¿t that worried by the threats and expect their banks to deal with the problem. Even so, the most recent Forrester UK Internet User Monitor (UKIUM) survey shows that about 600,000 Internet banking customers have given up online banking as a direct result of security fears. According to Forrester, banks can¿t rely on the complacent majority of their Internet banking customers to prevent successful attacks. Instead, they need to educate customers about online fraud, restrict the functionality on some accounts, and use customer profiling to defend against security threats ¿ as well as deploying stronger Internet banking authentication.
According to Benjamin Ensor, Senior Analyst, Financial Services at Forrester Research: ¿Net users don¿t know what to think about online banking security. Without the technical knowledge to judge the severity of security threats like keystroke logging and phishing ¿ or, frankly, much interest in acquiring that knowledge ¿ people struggle to reach a balanced judgment. The result is that about half of the UK¿s Net users are either complacent or paranoid about online banking security. So UK banks still face big communication and security problems.¿
In addition to those that have given up Internet banking as a result of security fears, another fifth of Net users ¿ more than 6 million people ¿ say that security fears mean that they won’t ever use online banking, hindering banks¿ efforts to persuade them to migrate to the Net.
Perhaps more worryingly, complacent customers create easy targets for fraud. Although many UK Net users have taken some basic precautions against fraud, their lack of interest in learning more about threats like identity theft or how to protect themselves smacks of complacency rather than vigilance.
Forrester believes that, far from taking comfort from Net users¿ confidence in their security measures, UK banks should be worried. Phishing and keystroke logging prey on the customer and the customer¿s PC, not the bank¿s systems. But although many Net users have heard about these threats, they want banks to solve the problem without their involvement ¿ ideally with a blanket guarantee against fraud.
Banks Need A Range Of Tactics To Defend Against Fraud
Forrester recommends that banks address the extremes of paranoia and complacency in their customer bases by deploying two-factor authentication, continuing customer education efforts, helping users police their own accounts, and letting customers know that they are taking action.
Ensor concludes: ¿Much of the work that banks do to combat fraud rightly remains behind the scenes. But banks must also let customers know that they are taking action to boost their confidence in online banking security. Banks have to tread a delicate path between reassuring customers and revealing so much information that they undermine their own defenses or create vulnerabilities.¿
The report mentioned in this release, What UK Net Users Think About Phishing, is available to Forrester WholeView 2¿ clients.