One word aptly describes the
attitude of a large proportion of online banking users: careless.
This conclusion appears inescapable following release by US online
security specialist Trusteer of the results of its study into the
use of online banking passwords.
The study spanned a 12-month period and
covered 4 million users of Trusteer’s Rapport browser security
service, many of whom are customers of leading North American and
European banks. Major findings of the study were:
• Up to 73 percent of users share the
passwords which they use for online banking with at least one
• Around 47 percent of users share both their
user identification (ID) and password with at least one
• When a bank allows users to choose their own
user ID, 65 percent of users share this ID with non-financial
• When a bank chooses the user ID for its
customers, 42 percent use the bank-issued user ID on at least one
Trusteer warned that the widespread reuse of
online banking credentials is being exploited by criminals who have
devised various methods to harvest login credentials from less
secure sources, such as webmail and social network websites. Once
acquired, these usernames and passwords are tested on financial
services sites to commit fraud.
“Our findings were very surprising, and reveal
that consumers are not aware, or are choosing to ignore, the
security implications of reusing their banking credentials on
multiple websites,” commented Amit Klein, Trusteer’s CTO and head
of its research organisation.