Most UK users of internet banking services are dangerously complacent about the danger posed by phishing scams, and expect their banks to take responsibility for the risks, industry experts warned today.

Benjamin Ensor, senior financial services analyst at Forrester Research, said: "Internet users do not know what to think about online banking security. Without the technical knowledge to judge the severity of security threats like keystroke-logging and phishing (or much interest in acquiring that knowledge) people struggle to reach a balanced judgment.

"The result is that about half of the UK's internet users are either complacent or paranoid about online banking security, and UK banks still face big communication and security problems."

Perhaps more worryingly, Forrester suggested that complacent customers are easy targets for fraudsters.

Although many UK surfers have taken some basic precautions, their lack of interest in learning more about threats like identity theft smacks of complacency rather than vigilance, according to the analyst.

Forrester said that banks need to educate customers about online fraud, restrict the functionality on some accounts, and use customer profiling to defend against security threats. They also need to deploy stronger internet banking authentication.
Forrester believes that, far from taking comfort from internet banking users' often misplaced confidence in their security measures, UK banks should be worried.

"Phishing and keystroke-logging prey on the customer and the customer's PC, not the bank's systems," the analyst firm stated.

"But although many internet users have heard about these threats, they want banks to solve the problem without their involvement, ideally with a blanket guarantee against fraud.

"Forrester recommends that banks address the extremes of paranoia and complacency in their customer bases by deploying two-factor authentication, continuing customer education efforts, helping users police their own accounts, and letting customers know that they are taking action."

Ensor pointed out that much of the work that banks carry out to combat fraud rightly remains behind the scenes.

"But banks must also let customers know that they are taking action to boost their confidence in online banking security," the analyst said.

"Banks have to tread a delicate path between reassuring customers and revealing so much information that they undermine their own defences or create vulnerabilities."

Forrester's most recent UK Internet User Monitor survey found that about 600,000 UK internet banking customers have given up online banking as a direct result of security fears.

Another fifth of internet users - more than six million people - say that security fears mean that they won't ever use online banking, further hindering banks' efforts to persuade them to migrate to the internet.