The state of security in digital banking

Aug. 29, 2022
Why it’s on banks and consumers to keep accounts secure

Digital banking is skyrocketing in the U.S. as more than three-quarters of the population (around 200 million users) manage their finances from a computer or a phone. And with the rise of ubiquitous online banking come new security risks that must be acknowledged and addressed. In fact, the U.S. alone saw over 1,800 significant data breaches that were publicly reported in 2021, emphasizing how vulnerable users are to security risks.

Quantum Metric’s recent retail banking survey reinforces the need for improved cybersecurity, finding that 31% of banking consumers have recently dealt with data security issues, either having their account hacked or having their credentials stolen. While hackers are becoming more advanced online, there are a number of precautions that both consumers and banks can implement to better protect accounts and other sensitive information.

The evolution of digital payments is changing how we manage our finances, sparking new demands for heightened security.

Digital banking is transforming the way people send and receive money. Instead of having to physically manage their finances in local bank branches, consumers can easily transfer their funds from anywhere, and with only a few clicks. Also, many Americans now rely on apps like Venmo or Zelle to instantly send money to others. Our survey found that nearly three in four users (72%) make P2P payments to friends, family and even local businesses, with 42% doing so at least once a week.

With private banking information now accessible online, banks and consumers must heighten cybersecurity to ensure their sensitive data is not compromised. Without proper precautions, bank accounts and other private information can fall into the hands of hackers relatively easily. This is why it’s important for consumers to comprehend the do’s and don’ts of digital banking, especially as adoption grows.

Before setting up an online bank account, users must understand that securing their identity and digital accounts is paramount. If a person is only relying on a simple username and password to access their funds, it’s possible for a hacker to guess or compromise this information and transfer money out of their account. While this may seem obvious to some consumers, others – especially older generations – are new to online banking and may not know the best ways to protect themselves. In fact, many people over the age of 60 said that they used digital banking for the first time during the pandemic.

Banks are helping by embedding security precautions into the online experience – better protecting accounts, customers and themselves.

While digital banking transactions can expose consumers to cyber risks, it’s a form of banking that isn’t going anywhere. To help users safely transition, financial institutions should educate customers on how to securely use digital banking platforms and encourage them to set up features such as multi-factor authentication, SMS or email alerts, and fraud monitoring to prevent suspicious online banking activity.

Websites are constantly being breached, and entire password databases are being bought and sold on the underground market. Today’s hackers are well-versed in testing stolen credentials to log into as many sensitive websites as possible, including online banking. As a result, consumers can no longer rely solely on a username and password for protection. When a user sets up multi-factor authentication on their online bank account, any logins or suspicious activity would need to be authorized with a second factor, such as a text message, Face ID or email verification code. Multi-factor authentication is especially important, as many people still reuse the same login credentials across multiple websites, instead of making unique passwords for their various online accounts.

In addition to added authentication, users can take advantage of security alerts, which allow banks to immediately notify the customer, via text or email, whenever a significant banking event or a deviation from someone’s normal banking activities occurs. This includes situations like a new device logging into an account, a money transfer over a specified amount, or bank balances dropping below a certain threshold.

All of these measures help ensure that an authorized person is actually logging in from their own device, and to their own account. With a combination of security alerts, multi-factor authentication and caution, even if a user’s credentials were stolen or guessed, the hacker would have an extraordinarily difficult time committing serious fraud against the bank account.

In addition to providing their customers with the right security tools, banks can also utilize a digital analytics platform to better understand their customers’ online banking experience and identify specific pain points customers face when trying to set up security controls on their profile, whether due to technical errors or confusing user experience (UX) designs. Once banks identify what’s preventing customers from properly setting up their security controls, they can design the most user-friendly experience that encourages customers to intuitively turn on valuable security features. Moreover, if customers hit any setup roadblocks that drive them to back out of turning these features on, banks can pinpoint exactly where that occurred, so they can revise the process and flow, and help future consumers seamlessly finish the setup process.

Banks can’t stop vulnerabilities alone – consumers must also adopt better cyber hygiene practices

While banks have deployed measures to keep their users’ accounts secure, consumers play an important role, too. Digital banking users must practice proper cyber hygiene and take advantage of enhanced security features that guard their accounts.

Cyber hygiene keeps accounts safe, but many Americans don’t practice it or don’t understand what it means. For example, nearly one in three respondents (30%) who use a password only change it once or twice a year, with an additional 23% admitting to never changing their password. Unfortunately, many people just don’t realize how easily a fraudster can trick an everyday user into revealing their bank account details. The consequences of this could be detrimental: their accounts could be hijacked, their identities stolen, or their bank accounts completely drained. And to make matters worse, some of these actions can take many years to remediate.

The good news is that once consumers understand the serious implications, proper cyber hygiene is easy to practice. To greatly reduce the risks of a bank account getting hacked, consumers can take simple steps like ensuring only trusted, genuine mobile apps are installed from the official App Store, as well as setting up a strong PIN, Touch ID and Face ID to protect their mobile devices. They must also be hyper-vigilant around unsolicited calls, texts and emails from their bank, or any entity for that matter. If online banking users make more of an effort to incorporate these steps into their everyday life, they will dramatically increase account protection.

We already addressed how most banks allow customers to set up monitoring and security alerts in their profiles, but the problem is that many consumers don’t take advantage of these features. By enrolling in alerts, consumers can take real-time action against potential hacks, as well as keep a closer eye on their financial activity. Considering that two in five consumers (41%) check their bank accounts almost once a day, this makes it more likely that users will spot fraudulent activity in real time.

Banks usually offer invaluable information on best practices for cybersecurity on their website. For those looking for extra cybersecurity knowledge and tips, educational resources provide information on steps to protect themselves from hacks and breaches. Trusted education technology platforms offer a variety of courses on cybersecurity that use layman's terms to describe all the ways one can be socially engineered on the Internet, as well as the best cyber hygiene practices.

No matter your age, financial history or experience with digital banking, every user should be working in tandem with their bank to be sure that their account is as protected as possible. When both sides are making a meaningful effort to take extra precautions, hackers will be stopped in their tracks from accessing sensitive financial information.

About the author: Reza Zaheri is the Chief Information Security Officer at Quantum Metric. Reza was Director, Digital Forensics, Incident Response and Security Awareness at AT&T, and Director, Digital Forensics, Incident Response and Security Awareness at DirecTV. Reza joined Quantum Metric in 2021.