That doesn't mean there are no banks willing to take on the risk.
Moven, the brainchild of fintech entrepreneur Brett King, is one of only a few domestic financial services startups that is even toying with the idea. In addition to Facebook, the early-stage company is also planning to allow people to tie their bank accounts directly to Twitter. (Keep in mind that Moven has yet to launch, and has only just begun to beta test its technology in a limited release.)
"The benefits, for us, outweigh the potential risk," says King. "The fact is that Facebook's login platform is still magnitudes more robust than most Internet banks."
Still, Moven is employing those extra layers of security that Sturgill says are so important.
King says Moven plans to hedge against cybercrime by requiring multi-factor authentication any time someone wants to move cash. That includes an additional PIN number and a one-time password.
"The use of a social sign-in is twofold," King says. "One, it expedites the process of sign-in because it's a common platform. Secondly, we can use the Facebook identity to expedite [Know Your Customer protocol] because we can draw information out of the profile, also we actually use it as part of the identity check."
There may be some truth to that, says Bradley Leimer, who leads digital channel strategy for Northern California-based Mechanics Bank, in an email to American Banker.
"The more I look at Facebook's authorization and reliance on open standards for encryption, and then compare to some existing bank credential code, I am fairly convinced that large fintech providers aren't necessarily doing any better job in physically coding and securing authorization than many of the social sites," he says. "Which means it is only a matter of time before we see larger scale breaches — all of it's testing our networks," he says. "I'm actually amazed we don't have more breaches that involve account data."
Regardless, bankers need to make those risk decisions for themselves, says Jim Marous, a senior vice president of corporate development at digital direct marketing agency New Control, and author of the Bank Marketing Strategy blog.
"I think this is all uncharted territory. It's one thing to have a small or a midsize bank overseas use Facebook sign-on or Twitter sign-on," he says. "But I think you move the needle exponentially when you talk about a large bank [in the U.S.] doing this where there is more risk."
An inquiry sent to Facebook's press office seeking comment was not immediately answered. A tweet sent to Twitter was not answered, either. An email sent to LinkedIn also received no response.