Non-Bank Online Personal Finance Sites Offer Look Into Future Of Online Banking, But Open The Door For Identity Theft
Needham, MA - 24 June 2008
A new crop of nonbank online personal finance sites combining traditional account aggregation services with Web 2.0 concepts is garnering considerable attention from the media and gaining users. The sites provide a novel approach to aggregating and managing multiple aspects of an individual’s financial life online. However, new TowerGroup research finds that they are often missing one critical component – adequate fraud prevention capabilities to protect both the consumer and the bank from account takeover and identity theft.
The host of online personal finance Web sites that have emerged in recent years – including such names as “Banzai”, Mint, and Wesabe – leverage intuitive user interfaces to offer personal financial management (PFM) tools, some level of financial advice, and, in many cases, social interaction. In contrast to the online account aggregation services offered by several large traditional banks, these new sites leverage consumers’ propensity for online interaction and information sharing to provide services and insights beyond those of most online banking portals. The services include innovative ways to view personal financial information, the opportunity to see how others manage and spend their money, and, in some instances, free financial advice from experts or the user community at large.
“Consumers are often drawn to these new offerings by attractive interfaces and compelling market campaigns,” said George Tubin, senior research director of the Delivery Channels and Financial Information Security practices at TowerGroup. “By incorporating state-of-the-art Web technologies and community-sharing features like Web forums and blogs, these sites seek to tap into individuals’ desire to interact, share, learn, and belong to a like-minded community.”
However, Tubin cautions that most of the new sites pose a security risk because they protect the user’s information with only a username and password – a method known as single-factor authentication. TowerGroup believes that these nonbank online personal finance sites will likely become the next target of phishers and other fraudsters looking to gain easy access to consumer banking data to commit bank fraud – particularly given that most bank sites have already moved to multifactor authentication and aggressive consumer education concerning security.
New online personal finance sites must comprehend the sensitive nature of their customer data and bolster their current data and Web security capabilities with stronger online authentication technologies. In addition, TowerGroup believes that the Federal Trade Commission (FTC) should consider adopting the regulations and guidance imposed by the federal banking regulators, specifically the 2005 FFIEC guidance regarding online authentication, for the governance of these and other online sites.
“Notwithstanding the security concerns, TowerGroup believes that consumer banks will watch this market space closely, and will either adopt similar capabilities or partner with new independent players or acquire them,” added Tubin. “Bringing together the fresh approach of these new online personal finance sites with banks’ traditional product, service, and security capabilities could lead to a compelling new combination currently unmatched in the industry.”
The new research, titled “The Impact of Online Personal Finance Offering: The Good, the Bad, and the Ugly,” explores the consumer benefits and security issues of the new online personal finance offerings – as well as their expected impact on traditional financial services players like banks.