The steady drumbeat of headlines, studies and reports about identity theft, phishing and pharming attacks and other breaches of banks' and customers' data in the past couple of years has made the Web a challenging operating landscape for banks. Deloitte Touche Tohmatsu's 2006 Global Security Survey of large financial institutions, mostly banks, found 82% reporting that they had experienced a breach of their security systems. And 72% of those institutions said they had been victimized by an external breach. The most common external breaches were viruses and worms, phishing and pharming attacks and spyware or malware.
Among the tools banks have deployed are anti-virus software, firewalls, virtual private networks, spam-filtering solutions, content filtering and monitoring, access-management systems, network-penetration tools and vulnerability management systems. But banks are increasingly considering or rolling out stronger forms of encryption, multiple authentication methods, anti-phishing software, wireless-security systems and biometrics.
For example, Canada -- based TD Bank Financial Group, with more than 4.5 million online customers, is offering customers of its Easy-Web Internet-banking service free anti-fraud online software from Symantec to identify and stop phishing scams. "Phishers" use phony websites and email to lure bank customers into providing them with personal financial and account information.
Some threats are less real than people imagine, though. "In spite of the extent and perception of security threats for Internet banking, bankers are more than convinced on the need to capitalize on the advantage offered by the Internet," says Vaidya. "Banks have found that the perception of a threat is much higher in the minds of the customers than the actual threat." And those customers still want to be able to do everything online, do it instantly and access online services any time, anywhere. Younger consumers are particularly Net savvy and demanding of faster, more convenient online services -- and they are the people who will be seeking home mortgages, car loans, credit cards and other banking products down the line.
Feeding the need for speed, the Citibank Direct online bank, rolled out in March, offers consumers located anywhere in the United States the chance to open an account in less than 10 minutes. It uses real-time decision-making and identification verification. Once signed up, Citibank Direct clients can access all its products and services, including savings and checking accounts as well as debit and credit cards, and access Citibank's more than 900 branches and 3,100 ATMs. Customers can also check balances, pay bills, transfer money and open new accounts.
"Citibank Direct [is] a major part of our commitment to ensure that customers can reach us anywhere, any time, and in any way that they want to do business with us," says Catherine Palmieri, managing director of Citibank.com. Citibank says it will launch Citi Mobile, a mobile-phone-enabled banking service, later this year.
Banks are getting more sophisticated in their efforts to cater to consumers who want to be able to bank across multiple channels 24/7. For example, Standard Bank of South Africa has introduced "speech banking." A speech-recognition system allows clients to access their accounts and process transactions without having to talk to anyone. Bank officials say it is like Internet banking without touching a keyboard or keypad.
As services mature, the Web is steadily building an increasing share of bank-product sales. For instance, United Kingdom -- based Alliance & Leicester says that in 2005 over 30% of its core retail banking products were sold via the Internet. That was up from 20% in 2004. Alliance & Leicester has seen the number of total transactions carried out over the Internet nearly double from 2004. It now has more than a million registered Web-banking customers.