Shostack + Friends Blog Archive


The Internet Channel, at Risk

Lack of trust in online banking among U.S. consumers is a serious constraint because of doubts about banks’ security measures, according to eMarketer’s new report, “Online Banking: Remote Channels, Remote Relationships?”

The result is a slowing rate of adoption, with online banking households increasing by only 3.1% in the last quarter of 2005 — the lowest increase in three years. The number of online banking households as a percentage of total online households is pretty stagnant, too. It is expected to grow by just 4 percentage points between 2006 and 2010. (“Consumers Losing Trust in Online Banking.“)

I’ve been saying for a while that the internet channel is at risk, and that banks ought to take drastic action to reverse things before it goes into decline. Remember that security is hard to measure, and consumers use proxies rather than clean measurements of security. So brand trails reality, often by a fair amount. If the idea spreads that online banking isn’t trustworthy, it will take massive investment to reverse.

One final detail from the press release:

Being able to trust a banking site is extremely important to customers, with more than 87% saying in an Ipsos Insight survey that they wanted assurance that the bank would not sell their personal information…

Seems like a market differentiator made in heaven: “__’s privacy promise: We won’t sell, rent, or loan you. You’re a customer, not eyeballs to be monetized.” Where can I sign up?

One comment on "The Internet Channel, at Risk"

  • Iang says:

    Since mid 2001, afaik. Curiously, the 2nd phishing event against a financial institution was a “post 9/11 id check” of some form. It took a year or two for the model to work itself out. By now however, the original threat has exploded in a dozen different directions, and the history is just a cute story.
    So the question is, what are banks going to do about it? There are two known choices for today’s known threat model
    1. stop online banking
    2. move to transaction authorisation over a second channel
    It’s a two horse race! European banks are chosing the 2nd, some slower than others. US banks aren’t at the starting gate yet, they’re thinking about last year’s race, the 2-factor authentication model, because that’s what the brochure says.

Comments are closed.