How does a typical U.S. consumer make sure the online banking website they are using is legitimate? Not enough, apparently. They check that the website looks familiar — that all the branding, colors and layout are similar to what they've seen before. That's a finding of a survey conducted by Melbourne IT, a global domain registrar and digital brand services company that polled 1,007 U.S. consumers about e-commerce and online banking habits.
Obviously this is not comforting — fraudsters have proven they can easily create convincingly real-looking bank websites. In a typical phishing expedition in September, online banking customers of Southbridge Savings Bank received an email purporting to be from the bank telling them to update their account information. The email included a link to a fake version of the bank's website, where customers were asked to enter their user name, password and other identifying information.
Even more sophisticated vetting techniques that users frequently deploy can be overcome by scammers.
While almost half (47%) use the "looks familiar" litmus test, a surprisingly large percentage — 46% — say they check for a padlock symbol on their Web browser, another element that can be scammed. A solid 42% look for the prefix https:// in front of the Web address, which also doesn't ensure a website isn't a fake.
Forty-five percent check to make sure the Web address at the top is correct; this is the number that supports Melbourne IT's business of registering domain names. If customers are willing and able to verify that a bank's URL is correct, that might make the roughly $200,000 annual expense of registering and maintaining a top-level domain name, such as onlinebanking.hsbc, worthwhile.
The survey also found that 75% of U.S. consumers are confident that their banking or financial information is secure when they make online transactions, while 20% are not confident (5% said they don't know or cannot judge).
Despite their concerns about security, these consumers seem to want the websites they visit to store some information about them — 49% said they prefer to visit websites that remember their preferences and display information relevant to them, 35% said they don't care if the website is personalized or not and 16% say they prefer to use websites that display generic information.