Despite banks' best efforts to improve online security, their defenses are only as strong as their customers' security habits. Unfortunately, even though consumers recognize their role in keeping their sensitive information safe, they often don't take the necessary precautions — and still hold their financial institutions responsible for a security breach, according to a new Accenture study.
The global consulting firm's survey of U.S. and U.K. consumers' Internet security perceptions reveals that consumers have a Jekyll and Hyde attitude toward online security. While 88 percent of survey respondents believe that personal irresponsibility (i.e., the improper sharing or disposing of sensitive information) is the cause of identity theft, nearly half admit to laxness in password security practices — such as using the same password on multiple accounts. Still, one in four respondents would close a bank account immediately if a security breach occurred (see related chart, below). Accenture surveyed 800 U.S. and U.K. consumers who regularly use a broadband or high-speed Internet connection at home.
In addition, younger banking customers are more likely to leave their financial institutions in the event of a security breach — 43 percent of U.S. consumers ages 18 to 34 would close their accounts right away, according to the survey. Rob Dyson, an Irving, Texas-based senior executive with Accenture Technology Consulting's global security practice, says the attitudes of younger generations toward online services present a particular challenge for banks.
Young consumers are so comfortable with technology that they'll put all kinds of personal information on social networking sites, Dyson notes. "They feel they should be able to use technology to extend themselves freely." Additionally, they have "high expectations that those servers are secure," and won't hesitate to change banking relationships if those expectations aren't met. Understanding those expectations, Dyson continues, is the key to the success of banks' online efforts. Consumers expect that "banks are putting appropriate security and controls in place," he adds — even if users don't do their parts. "That's the challenge banks have."
Biometrics Are Part of the Solution
One way banks are meeting that challenge is by deploying biometrics, and consumers appear willing to use the technology. Suggesting that a fingerprint reader would improve the security of online transactions, the Accenture survey reports that about half of the survey participants who transport their laptops outside of work or home said they would be interested in such a solution — if their financial institutions provided the device.
"The big push for banks right now is a biometric card — like a universal ID card," says Dyson, who believes the answer lies in a combination of identity management tools. "The offspring is the whole area of soft token technology and biometrics," he explains. A soft token is a software security device — a virtual version of hardware keys or hard tokens.
Tim Callan, VP of Mountain View, Calif.-based VeriSign's SSL business unit — which offers Extended Validation (EV) Secure Sockets Layer (SSL) Certificates to banks to improve users' confidence in online transactions — compares consumers' attitudes toward online banking with their attitudes toward snakes. "Most [snakes] are harmless. But most people don't know which ones are safe, so they just don't pick up any snakes," he says.
A study conducted last year by Javelin Strategy & Research (Pleasanton, Calif.) found that 150 million U.S. consumers don't bank online because of security concerns, which translates to approximately $8.3 billion in lost bank profits annually.