According to survey results, majorities of nearly 1,700 consumers in eight countries said they were ready to start using stronger authentication technologies that went beyond the traditional user name/password, wanted their banks and brokerage houses to monitor online banking transactions for suspicious activity, and were familiar with the term "phishing."
The fourth-annual online poll conducted by RSA, the security division of storage maker EMC, traced the ongoing slide in consumer trust: 82% of account holders said that they are less likely to respond to e-mail from their bank because of phishing scams. The results in 2005 and 2004 were 79% and 70%, respectively.
That apparently doesn't mean consumers are ready to abandon online banking, however. More than nine out of every 10 people surveyed said they would be willing to deal with more than just the usual user name/password authentication if it meant stronger security. The group was split almost evenly between those would be "very willing," and others who said they were "somewhat willing" if the sign-up process was "simple."
Consumers were even more divided when it came to what kind of stronger authentication they want. Nearly three out of four (73%) voted for "risk-based" authentication, which is an institution-side assessment of the user's identity based on such things as log-on location, IP address, and transaction behavior.
Forty percent claimed that they would like a hardware token for authentication; 56% said they'd accept image-based authentication, where the bank or brokerage presents an image that's been agreed upon by both the consumer and the institution. A missing or incorrect image tells the consumer he's at a bogus site, not the real online banking log-in.
One disturbing result was that only 39% of account holders said they were aware of their financial institution using some form of additional security, such as personalized images, risk-based authentication, or one-time password token.
"As awareness of identity theft and online fraud grows, people want to feel reassured that they are in fact protected," said Christopher Young, general manager of RSA's consumer group, in a statement. "While most consumers don't want to be burdened with security, they still would like to know they are secure, and as we can see, they are willing to embrace the technology."