Business Online Banking Risks - Banks Need to Proactively Educate Customers
Create a vendor selection project & run comparison reports
Click to express your interest in this report
Indication of coverage against your requirements
A subscription is required to activate this feature. Contact us for more info.
Celent have reviewed this profile and believe it to be accurate.
17 March 2010Jacob Jegher
I just returned from the Digital Insight National Client Conference in San Antonio. I was invited to speak on social media for banking, and I also took some time to attend several of the sessions. One of the sessions I attended was a panel discussion with a group of four commercial businesses. These middle market firms discussed various cash management and online banking issues and described how they run their businesses. Eventually the discussion turned to security and the moderator asked the firms about their security best practices. Each firm described their setup and one of the businesses described a fraudulent incident where a keystroke logger was installed on a computer used for online banking. Three out of the four panelists were unaware of the rash of business online banking fraud that has hit the market (see my blog entries on this here and here). I asked the panel if their financial institution had contacted them recently to make them aware of some of the risks, or if their financial institution had implemented new policies or solutions that they would be required to adopt. The answer of all four businesses - a flat out no. Their banks had not contacted them recently about anything related to security. Needless to say I was not entirely surprised, but I was frustrated by the situation. Business banking is very much about relationships. Banks should be investing in these relationships and at the very least should be providing educational tools and support to their customers. Given what is going on in the market, security education isn't an option but a strict requirement. Even with the various warnings and advisories that have come out it appears that banks aren't doing enough to proactively educate their customers. There is a lot at stake and just this week several agencies have issued an ACH and wire fraud advisory. I agree with most of the points of the advisory. However, there is nothing mentioned regarding security education in the section called, "Actions for Financial Institutions." Additionally, the recommended best practice for businesses is to use a dedicated computer for online banking. This is completely unrealistic and counterproductive. Before you know it we will all need to have separate computers to login to facebook, another to send email - you get the pictures. This scare tactic also has the potential to reduce business online banking adoption. Proactive and ongoing security education, smart practices (e.g. setting dual approval, limits) coupled with multiple layers of security solutions can solve a good chunk of this problem.