Consumers fail to meet banks' online security demands: study
Many consumers who manage their money through online banking services may be unaware of their financial institution's strict security requirements, thereby jeopardizing their eligibility for fraud reimbursement, according to a study out of Ottawa's Carleton University.
"All the time [the banks] say it's safe, and secure and simple, but consumers should be a little bit cautious about those marketing messages," lead researcher Mohammad Mannan, a computer sciences graduate student, told CBCNews.ca.
"They should check whatever is recommended and required by their bank, and then decide whether they can follow all the advice and recommendations."
Mannan will present the study at the New Security Paradigms workshop in New Hampshire on Tuesday.
The study asked 123 participants to open a personal chequing account at CIBC, RBC Royal Bank, TD Canada Trust, Scotiabank or BMO Bank of Montreal in October and November 2006. Mannan said the gap between banks' expectations and users'habits waspronounced.
69% of bankers failed to change passwords
While 76 per cent of users have a firewall on their machines, less than half of users always use anti-spyware programs to protect their home computers.
About 30 per cent of participants met cache-clearing requirements and 69 per cent said they did not change their passwords regularly. The study also found 65 per cent of participants did not read the online banking agreements and 85 per cent were unable to state the conditions for reimbursement guarantees.
"We found that many security requirements are too difficult for regular users to follow, and believe that some marketing-related messages about safety and security actually mislead users," the study said.
Mannan said banks will demand proof that you met their security requirements should a breach occur.
"With credit cards, there is a maximum liability of $50 and with most cards it's just waived," he said. "But with online banking, it may not be that simple. The bank may ask 'Did you fulfil these requirements?' It's a bit difficult, it's not exactly the same sort of guarantee that you can get with your online transactions with credit cards."