RSA Security Announces Key Findings from Annual Financial Institution Consumer Online Fraud Survey
- 15 March, 2006 14:20
<p>RSA Security (NASDAQ: RSAS), today released key findings from its annual Financial Institution Consumer Online Fraud Survey. Conducted in November 2005, the online survey asked 402 U.S. adults for their opinions on online banking authentication and e-mail fraud, such as phishing.</p>
<p>Key results of the survey include:
• 73% of account-holders believe that financial institutions should replace username-and-password log-in with stronger authentication for online banking
• 89% of account-holders would like their banks to monitor online banking sessions for signs of irregular activity or behavior – similar to the way that credit card transactions are monitored today
• 59% would like their bank to contact them when something suspicious is detected
• 79% of account-holders are less likely to respond to an e-mail from their bank due to scams including phishing; this is up from 70% in the 2004 survey
• 65% of account-holders have seen either ‘a slight increase’ or ‘no change’ in the amount of phishing e-mails they have received.</p>
<p>The RSA® Anti-Fraud Command Center (AFCC), which scans over 1 billion e-mails per day confirms: the number of phishing attacks has remained close to 2,500-3,300 attacks per month for the last eight months, with only a small increase each month</p>
<p>“It is important to preserve the speed, simplicity, ease of use and convenience of the online banking channel. Consumers seem to feel comfortable with the notion of their financial institution monitoring their online activity and contacting them when something suspicious is detected, just as they've become accustomed to for years in the credit card space” said Chris Young, senior vice president and general manager of RSA Consumer Solutions.</p>
<p>Account-holders want stronger authentication, but with a focus on ease-of-use</p>
<p>When asked for their views on online banking authentication, 73% of respondents answered that they feel banks should use some kind of stronger authentication than basic and static usernames-and-passwords for online banking. When presented with several options, including hardware tokens, watermarks for mutual authentication, and risk-based authentication, the majority of respondents (74%) selected risk-based authentication as their preferred method. Risk-based authentication involves a behind-the-scenes assessment of the user’s identity based on factors including log-on location, IP address and transaction behavior – which can be supplemented with out-of-band phone calls or secret questions for transactions that are deemed high-risk.
- 43% responded that they would use a token if the bank provided one for free.
- 55% responded that they would like to use a watermark for reverse authentication; 46% felt that it is most important to see the watermark on any computer they log-in from, and not just their primary computer.</p>
<p>Account-holders expect their banks to monitor online banking activity</p>
<p>According to the survey, 89% of account-holders would like their banks to monitor online banking sessions for signs of irregular activity or behavior – similar to the way that credit card transactions are monitored today, and 59% feel that banks should contact them if any suspicious activity is detected. In addition, 52% felt that their bank should be liable for fraud executed within the online banking site.</p>
<p>Trust in the e-mail channel continues to drop; phishing is here to stay</p>
<p>79% of account-holders expressed that, as a direct result of scams such as phishing, they are less likely to respond to an e-mail from their bank – up from 70% in November 2004. In addition, 65% of account-holders have seen either a slight increase or no change in the amount of phishing e-mails they have received. The Company’s 24x7 AFCC concurs that the amount of phishing attacks it has monitored has hovered around the 2,500-3,300 per month mark for the past eight months, with only a slight increase each month. This is in contrast to its November 2004 survey, in which consumers said that the number of phishing attacks had doubled between April and November 2004. While this trend affirms that the explosion of phishing attacks seen in 2004 has died down, it also confirms that phishing is not a passing trend: it is an entrenched type of fraud that is not going away.</p>
<p>The survey also shows that account-holders are looking to their banks and their ISPs to protect them from phishing: 45% of account-holders feel that an ISP blocking service for phishing would be effective, and 68% would like their ISP to offer such a service.</p>
<p>The surveys mentioned were commissioned RSA Security and administered by Infosurv, an online market research company.</p>
<p>About RSA® Consumer Solutions
RSA® Consumer Solutions, a division of RSA Security Inc., offers proven solutions for online banking and e-commerce that range from adaptive authentication – with risk-based technology, one-time-passwords and transaction-signing – to anti-phishing services and real-time transaction monitoring that controls fraud and manages risk. The company’s eFraudNetwork™ community is the world’s most effective cross-bank collaborative online fraud network. Today, many of the world’s top 50 banks, including nine of the top 12 banks in North America and the UK, use RSA solutions to protect approximately 430 million consumers.</p>
<p>About RSA Security Inc.
RSA Security Inc. is the expert in protecting online identities and digital assets. The inventor of core security technologies for the Internet, the Company leads the way in strong authentication and encryption, bringing trust to millions of user identities and the transactions that they perform. RSA Security’s portfolio of award-winning identity & access management solutions helps businesses to establish who’s who online – and what they can do.</p>
<p>With a strong reputation built on a 20-year history of ingenuity, leadership and proven technologies, we serve approximately 20,000 customers around the globe and interoperate with more than 1,000 technology and integration partners. For more information, please visit www.rsasecurity.com</p>
Kinetics Pty Ltd
02 9212 3848
- Australia only has 7 percent of the cybersecurity expertise that it needs
- After Linux DoS alerts, Cisco warns security devices can be remotely attacked too
- Should big business help smaller suppliers improve their cybersecurity?
- Software Security is in the Wild West (and it’s going to get us killed)
- Cyber crime is going nuclear – here’s what your business can do about it