Year end is always a great time to reflect and assess resolutions, improvements and goals, which makes me think about major improvements banks and financial organizations have made towards security in the last year. Most companies are doing everything they can to make sure the customer has a safe, secure and somewhat enjoyable/hassle-free experience with online banking. My question is, is the customer doing everything to make sure they are safe?
Most financial organizations rant and rave about personal relationships because that is what everyone wants. With regards to security I feel like I have seen almost everything that organizations are doing to make sure that customers are safe. Granted they have to do it to maintain our business but they are still doing it.
A relationship can be defined as a connection, association, or an involvement. This seems to be the case when a customer decides to join a bank and partake in its services including online banking.
Let’s be real, we have all heard the same schpeel:
- “https” in the address bar
- locked padlock icon
- unusual verbiage/look
- don’t use weak passwords
- don’t use public computers etc.
How many of us really care about our security and are doing our part in the relationship to make sure we can be secure? Let me explain:
Over the last week or so I have been conducting an informal survey. I have been asking people about their online banking experience and what their major concerns and such are. This group included personal users and business owners alike. I also noted that almost all were privy to the above ‘things to look out for’ but when it came to action every single one failed to observe any of the above checks. In fact, most of them have never changed their passwords that I’m pretty sure were weak to begin with.
Surprisingly a standard answer I kept hearing was “well my bank will give me my money back if I lose it so I’m not too worried”. Which almost made me wonder, with that attitude how much could they really care? Almost seems like a one sided relationship to me. Not only that, being a security engineer myself I’m guilty of it.
For one I need to be more proactive than reactive. If not, I feel like banks will continue to just force us to be by adding more tools, software, notices and training till it becomes second nature. Maybe we ourselves are causing this….Is it time we cooperated a little more?