Internet Changes Everything

Online security: can you bank on it?

Online security: can you bank on it? - Connected Business - Times Online

Phishing and other financial scams carried out online can often deter customers from using financial websites. As Sara McConnell reports, providing proper security is a must for modern business

You are choosing between two online banking services. Both have similar rates, accounts and services, and both are major players on the high street.

But one has recently made the headlines because its online security has been breached and hackers have gained access to millions of customer account details. Its refusal to talk to the press or discuss the steps it will take to stop similar problems occurring in future (on the grounds of security, of course) has kept the story going longer. By contrast, its rival is happy to discuss its commitment to online security and keeping your personal and financial information safe.

Which of these two (fictional) banks would you choose, asks Richard Starnes, the director of incident response for managed security at Cable & Wireless. "If I was an internet bank, I would be happily promoting my bank as a secure place to do business."

With growing numbers of individuals and companies buying, selling, trading and banking online, a reputation for good security and tight risk management is becoming an increasingly important selling point. Customers who would have been reluctant to provide credit or debit card details to internet sites a few years ago now do so readil,y but only if they trust the site to hold the information securely, with back up systems in place so that the business can continue even if it is a victim of hi-tech crime.

Companies are starting to recognise that their brand and reputation can be severely damaged by online crimes such as hacking and data theft, especially when these become public knowledge. "If I was CEO of a bank and my website was hacked into and £500,000 stolen, that’s nothing to a financial institution. What is damaged is the brand," says Mr Starnes.

In a survey carried out last year by the National Hi-Tech Crime Unit, nearly 20 per cent of firms questioned said the impact on share price and reputation of computer crime was their greatest concern, with finance and IT firms most likely to put this top of the list.

Of the UK’s 42 million bank customers, 15 million now manage their accounts online. Banks are acutely aware of how quickly they can lose customers and damage their reputations if they do not act quickly when there is a problem. Sandra Quinn, of the Association for Payment Clearing Services (APACS), which speaks for the banking industry on fraud and risk management, says: "Customers don’t mind banks closing down a service temporarily but they’re worried about no one taking any action. Yes, there are threats, but yes, your money is safe. Banks need to keep this at the forefront of customers’ minds."

Tracy Goodyer, of Barclays, which has 4.2 million online customers, says: "We’re constantly reviewing our security. Risk is a game we’re into and we take security very seriously. Banking is part of people’s every day lives and from a reputational point of view security breaches would be very serious."

But many companies still see security as a cost and a regulatory necessity rather than as good business, says Mr Starnes. Too few companies have IT ssecurity experts in senior positions and a formal written security policy. The National Hi-Tech Crime Unit discovered that nearly half of the 201 companies questioned have no formal procedures in place to deal with computer crime and nearly a quarter did not carry out audits to check security processes and spending were working properly.

"Companies are taking security more seriously but they haven’t really understood the business benefits. I don’t think they believe that having a good corporate asset protection programme is differentation between one company and another for customers," says Mr Starnes.

March 16, 2005 at 09:18 PM in Phishing & identity theft | Permalink | TrackBack (1) | Top of page | Blog Home