Poll shows lax security could cause customer exodus

According to a new Entersekt poll, 85% of U.S. adults with banking accounts are at least somewhat concerned about online banking fraud, which can include phishing, malware, man-in-the-browser, and brute-force attacks.

At the same time, 71% of U.S. adults would be at least somewhat likely to switch to a different bank if they became a victim of online banking fraud at their current bank.

This survey was conducted online within the United States by Harris Interactive on behalf of Entersekt, a provider of transaction authentication technology, May 14-16, among 2,052 U.S. adults, aged 18 and older.

“According to RSA’s 2013 report, ‘The Year in Phishing’, online banking fraud is a nationwide epidemic in which banks, which lost $1.5 billion in revenue last year from phishing attacks, are simply accepting losses instead of proactively adapting their defenses,” says Christiaan Brand, chief technology officer at Entersekt. “What makes the issue complicated is the increased sophistication of hackers, but technology aimed at thwarting attacks is evolving too.”

According to the poll, almost six in 10 (58%) U.S. adults would be at least somewhat willing to take an active role in securing their online banking transactions if this meant using their mobile phones to authenticate activities, such as purchases, logins, transfers, or bill payments.

There is no shortage of products in the market that promise reliable consumer authentication. The most popular systems employ one-time passwords (OTPs), usually delivered to banking customers through hardware tokens or via text or automated voice messages on mobile phones.

“The fundamental flaw these products share is that they continue to rely on browser-based communications back to the bank,” says Brand. “Banks are in the unenviable position of having to juggle robust security with consumer demand for convenient access. OTPs deliver neither.”

According to the poll, Americans access their accounts online ten times per month, on average. Each of these logins is either an opportunity for hackers to steal valuable, personal information, or an opportunity for a bank to protect its customers and reputation.

Entersekt’s authentication system, Transakt, exploits a public/private key infrastructure to generate secure, isolated authentication loops between financial institutions and their individual customers’ mobile devices. Within this secure channel, industry standard electronic certificates are used to digitally sign bank customers’ responses to real-time Accept/Reject transaction confirmation requests.