This article is brought to you by Retail Technology Review: Trusteer Finds that Two Thirds of Internet Users Reuse their Online Banking Credentials on Other Websites.
Trusteer, the customer protection company for online businesses, reported today that the vast majority of online banking customers reuse their login credentials to access non-financial and much less secure websites.
Trusteer found that 73 percent of bank customers use their online account password to access other websites, and that 47 percent use both their online banking user ID and password to login elsewhere on the Internet. These findings are based on a sample of more than 4 million users of the Rapport browser security service, many of whom are customers of leading North American and European banks.
This widespread reuse of online banking credentials is being exploited by criminals who have devised various methods to harvest login credentials from less secure sources, such as webmail and social network websites. Once acquired, these usernames and passwords are tested on financial services sites to commit fraud.
Trusteer based its research on data collected over a 12 month period from millions of Rapport users in North America and Europe. Rapport protects online banking credentials, recognizes when users attempt to submit them to other websites, and warns them not to do so. The reports key findings include:
73% of users share the passwords which they use for online banking, with at least one nonfinancial website
47% of users share both their user ID and password with at least one nonfinancial website
When a bank allows users to choose their own user ID, 65% of users share this ID with nonfinancial websites
When a bank chooses the user ID for its customers, 42% use the bank issued user ID with at least one other website
The full report is available at http://www.trusteer.com/sites/default/files/cross-logins-advisory.pdf
Using stolen credentials remains the easiest way for criminals to bypass the security measures implemented by banks to protect their online applications, so we wanted to see how often users repurpose their financial service usernames and passwords, said Amit Klein, CTO of Trusteer and head of the companys research organization. Our findings were very surprising, and reveal that consumers are not aware, or are choosing to ignore, the security implications of reusing their banking credentials on multiple websites.
Recommendations
For consumers:
Maintain at least three sets of credentials: the first set to be used only with financial websites; the second set to be used with nonfinancial sensitive websites that hold information about your identity; the third set to be used with non-sensitive websites that do not maintain confidential information about the user. Memorizing three sets of credentials is not difficult, yet significantly improves a users level of security.
For financial institutions:
Identify customers who use their bank login information on nonfinancial websites and:
- Educate them to avoid this risk
- Set your risk engine to higher sensitivity for these customers
Add a Comment
No messages on this article yet