Banking Review

Cyberwars forum stimulates debate

RaboPlus has laid down the gauntlet to its competitors over online banking security.

Probably the most amusing comment of the many that stimulated debate at last weeks Cyberwars forum was Bryan Inch comparing online banking to faulty cars.

Inch told the audience during a panel discussion alongside ANZ’s Jim Karvounaris and NAB’s Kaylene O’Neill “If you were a car manufacturer and you knew that at over 150 kilometres an hour the wheels would fall off, and you didn’t tell customers, then you’d be sued. And yet here we are, we know some of the crimes like the threat of man-in-the-middle, and there’s technology to prevent that, but we’re not putting it in place.”

An interesting discussion was had on why banks are deploying point solutions rather than an industry wide effort to address identity fraud. Competitive issues and the difficulty of building the infrastructure required seem to be the main issues standing in the way.

In the short term it looks like we’ll be seeing more institutions promoting their security solutions as a competitive differentiator.

The old education approach seems to be dead with both Inch and O’Neill admitting they are now simply assuming all consumer PC’s have been hacked.

“We almost assume that the customer is compromised anyway because so many people out there are” says O’Neill.

Inch says this makes the issue of making customers liable (currently being debated in New Zealand) redundant. “We basically assume that the home PC is hacked, or that people want to do their banking from an Internet café, so we don’t have the issue of whether the bank’s liable or not.”

Customers could well be left asking why it is ok to use an Internet café to bank online with one bank but not another. If anything, it will get customers used to the idea of a risk/convenience trade off as they become more familiar with using different, and sometimes more complex security devices, to access online banking.

All the stats (including those published by both RSA/Datamonitor and RaboPlus/TNS last week) are pointing to customers demanding alternatives to basic user name and password. The RaboPlus survey found 78 per cent want upgraded security measures and the RSA survey found 90 per cent would prefer increased authentication, and 50 per cent would proactively seek banks that offer it.

I’ll have more on the Cyberwars forum in the next few days, and of course in the next issue of Online Banking Review.