Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

<b>RSA Announces Findings of Annual Consumer Online Fraud Survey</b>

  • 29 January, 2007 17:03

<p><i>Consumers say ‘Username-&amp;-Password’ must go: 91% of account-holders are willing to use stronger authentication methods offered by financial institutions</i></p>
<p>Trust in the online channel continues to drop: 52% are “less likely” to sign-up for or use online banking; 82% are “less likely to respond” to banking-related e-mails</p>
<p>RSA, The Security Division of EMC, (NYSE: EMC) today released the findings of its fourth annual Financial Institution Consumer Online Fraud Survey. Conducted in December 2006, the online survey[1] asked 1,678 adults[2] from eight countries[3] around the world – including Australia – for their opinions on evolving fraud threats such as phishing, vishing and keylogging, and on the efforts of their financial institutions to strengthen remote channel banking authentication.</p>
<p>Key results of the survey include:</p>
<p>· 91 percent of account-holders answered that they are willing to start using a new authentication method, beyond the standard 'username-and-password', if their banks decided to offer stronger security</p>
<p>· 73 percent commented that they would like their financial institution to use risk-based authentication</p>
<p>· 69 percent of account-holders believe that financial institutions should replace username-and-password log-in with stronger authentication for online banking</p>
<p>· 58 percent of account-holders believe that financial institutions should deploy stronger authentication for telephone banking</p>
<p>· 82 percent of account-holders would like their banks to monitor online banking sessions and telephone banking sessions for signs of irregular activity or behavior – similar to the way that credit card transactions are monitored today</p>
<p>· While many financial institutions have begun moves to deploy stronger authentication over the past year, only 39 percent of account-holders are aware of it</p>
<p>· Less than 70 percent of respondents in the UK (69 percent) and in Australia (65 percent) claimed to be familiar with the term ‘phishing’ – compared to 83 percent in the US</p>
<p>In addition, trust in the online channel continues to erode. The survey found that 82 percent of account-holders are less likely to respond to an e-mail from their bank due to scams including phishing – up from 79 percent in 2005 and 70 percent in 2004 – and more than half said that they would be less likely to sign-up for or use online banking as a result. In addition, 44 percent of account-holders reported that they have become increasingly concerned about other types of attacks (besides phishing), such as Trojans and keyloggers, over the past six months.</p>
<p>“2006 was an eventful year for financial institutions in terms of ramping up their online banking security. Our survey affirms that the market is moving in the right direction, with more than 90 percent of consumers now willing to use stronger security when it is deployed, and this is something that banks should take into consideration when looking to accelerate their business,” said Mark Pullen, Country Manager, RSA Security Australia and New Zealand. “We anticipate that 2007 will bring new steps forward in online banking security, albeit in the context of an evolving threat landscape that is driving the need for added protection in other remote channels – with a focus on telephone banking.”</p>
<p><b>Account-holders want stronger authentication</b></p>
<p>When asked for their views on online banking authentication, 69 percent of respondents answered that they feel banks should use something stronger than basic and static usernames-and-passwords; more than half (58 percent) want banks to ramp up telephone banking authentication as well.</p>
<p>Moreover, 91 percent of account-holders responded that they would be willing to start using a new authentication method, beyond the standard username-and-password, if their bank decided to offer stronger security. Also, 43 percent said they would be “very willing and would proactively sign up for the service,” and another 48 percent said they were “somewhat willing and would sign-up if they had the time and it was a simple process.”</p>
<p><b>Opinions vary on preferred method of authentication</b></p>
<p>When presented with several authentication options, including hardware tokens, personalised images, and risk-based authentication, the majority of respondents (73 percent) commented that they would like their financial institution to use risk-based authentication. Risk-based authentication involves a behind-the-scenes assessment of the user’s identity based on factors including log-on location, IP address and transaction behaviour – which can be supplemented with out-of-band phone calls or secret questions for transactions that are deemed high-risk. Risk-based authentication is designed to provide strong security with minimal impact on the user experience – a concept that resonated extremely well with the survey respondents.</p>
<p>Globally, 40 percent responded that they would like to use a hardware token for authentication. Account-holders in European and Asia-Pacific countries such as Spain, Germany, Singapore and India were the strongest advocates for this technology, with between 46 and 50 percent responding that they would like to use tokens.</p>
<p>Approximately half of all respondents (49 percent) agreed that – assuming their bank decided to use tokens for online authentication – they would appreciate it if they could use the same token to log-in to other web sites, in addition to their online banking site.</p>
<p>More than half (56 percent) responded that they would like to use a personalised image to authenticate the online banking site to the user, and 53 percent felt that personalised images would provide them with an increased sense of security. A personalised image is selected by users and used to help verify that they are in fact on their bank’s legitimate site and not a fraudulent one.</p>
<p><b>Most consumers unaware of additional security</b></p>
<p>Despite the fact that consumers want added security and are willing to use it, only 39 percent of account-holders answered that they were aware of their financial institution using some form of additional security (personalised images, risk-based authentication, one-time-password devices). In fact, U.S. financial institutions faced a 2006 year-end deadline to start enhancing online security set by the Federal Financial Institutions Examination Council (FFIEC). According to a Gartner survey of 50 U.S. banks conducted in October and November 2006, two-thirds of U.S. banks are already compliant with the FFIEC's Guidance on Stronger Authentication in an Internet Banking Environment[4], in time to meet the 2006 year-end deadline. Moreover, another 30 percent planned to achieve compliance in the six months after the survey was taken, or by May 2007[5].</p>
<p>Based on a survey conducted by the Aite Group, 92 percent of the top 10 retail brokerages and 12 of the top 50 U.S. banks have already selected vendors for user-authentication, fraud-detection and transaction-monitoring solutions, and approximately 50 percent of financial institutions are expected to have additional security measures in place by the end of 2007[6].</p>
<p>Mark Pullen also commented: “The consensus used to be that security is something that should be handled quietly – and that consumers trust their financial institution to keep their information and assets safe. However, as awareness of identity theft and online fraud grows, people want to feel reassured that they are in fact protected. Our experience shows us what our survey results affirm: educating consumers about new security measures in place, even if they are invisible to the consumer, is advisable and would be regarded positively by the bank’s customers. While most consumers don’t want to be burdened with security, they still would like to know they are secure, and as we can see, they are willing to embrace the technology.”</p>
<p><b>Account-holders expect banks to monitor remote channel banking activity</b></p>
<p>According to the survey, 82 percent of account-holders would like their banks to monitor online and telephone banking sessions for signs of irregular activity or behaviour – similar to the way that credit card transactions are monitored today; 51 percent feel that banks should contact them if any suspicious activity is detected online; 48 percent felt the same for telephone banking as well. British account-holders felt the strongest in this regard with 93 percent claiming they would like their online banking monitored, compared to a figure of 70 percent in France.</p>
<p><b>Trust in the online channel drops; concerns about threats on the rise</b></p>
<p>As financial institutions work to accelerate their businesses by driving additional people online and introducing new online features and functionality, the survey results indicate that security must be addressed in order to maintain trust in the Internet and boost consumer confidence online.</p>
<p>Four out of five account-holders said that, as a direct result of scams such as phishing, they are less likely to respond to an e-mail from their bank. In addition, more than half of the survey respondents (52 percent) said that they would be less likely to sign-up for or use online banking at all as a result of these scams.</p>
<p>The RSA surveys mentioned above were administered by Infosurv, an online market research company.</p>
<p>For a full copy of the latest edition of the research, please email sarah@kinetics.com.au</p>
<p>Following this consumer survey, RSA Asia Pacific plans a business-to-business survey in February 2007 that will focus on ‘How secure is your enterprise online?’. Results will be announced in March 2007.</p>
<p><b>About RSA</b></p>
<p>RSA, The Security Division of EMC, is the expert in information-centric security, enabling the protection of information throughout its lifecycle. RSA enables customers to cost-effectively secure critical information assets and online identities wherever they live and at every step of the way, and manage security information and events to ease the burden of compliance.</p>
<p>RSA offers industry-leading solutions in identity assurance &amp; access control, encryption &amp; key management, compliance &amp; security information management and fraud protection. These solutions bring trust to millions of user identities, the transactions that they perform, and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com</p>
<p>RSA is either a registered trademark or trademark of RSA Security Inc. in the United States and/or other countries. EMC is a registered trademark of EMC Corporation. All other products or services mentioned are trademarks of their respective companies.</p>
<p><b>For more information, please contact:</b></p>
<p>Sarah Mulvin</p>
<p>Kinetics Public Relations</p>
<p>Tel: (02)9212-3848</p>
<p>Email: sarah@kinetics.com.au</p>
