Is online banking too dangerous?

The Australian Bankers' Association and the Australian Federal Police this week launched a national education campaign to warn Internet banking consumers to protect their information online.

The campaign -- constituting advertisements in newspapers and free consumer fact-sheets -- is due to roll out over the next three weeks.

It contains the messages ZDNet Australia's  obviously tech-savvy readers have heard many times -- install and keep up to date anti-virus software and firewalls, never give out your password, delete spam e-mail and don't access Internet banking from a link in an e-mail.

However, of more concrete use is likely to be a two-stage method of identifying Internet banking customers, set to be introduced across ABA member institutions later this year, which may supplement passwords with tokens and mobile phone alerts.

There is no question Australia's banks are anxious to boost community confidence in their online channels. They have reaped savings worth millions by paring down their bricks and mortar branch networks and replacing them with much cheaper Internet and telephone services. Around 8 million Australians now use Internet banking, with quarterly transaction levels up around the 200 million mark. However, online identity theft has the potential to cripple community confidence in Internet banking, with the inevitable consequence being a greater load on more expensive distribution channels.

Professor Bill Caelli, who heads the Queensland University of Technology's School of Software Engineering and Data Communications, warned in March last year that online banking was fraught with danger and said home personal computers were "no longer safe" from which to conduct transactions. The harsh reality is that, since his remarks, online identity theft techniques are moving ahead apace -- this week, ZDNet Australia  reported on an incident of 'pharming,' a variant of phishing -- and tech security companies and law enforcement authorities are struggling to catch up. The well-publicised move of organised crime into hacking and online scamming, with financial reward rather than notoriety among peers the aim, has increased the threat exponentially.

These worrying developments are happening as consumers appear to be having difficulties with their security obligations as they stand now. According to the Australian Consumers' Association, the requirements associated with updating virus protection software and changing passwords and personal identification numbers are presently proving too much for consumers. In a recent statement, the ACA said consumers "struggle to keep up with such expectations and are uncertain of their rights". Such a statement sits slightly uneasily with comments by the ABA this week that "all users of the Internet have a responsibility to protect themselves against Internet crime, in the same way they buy cars with safety and security features to protect themselves, anti-virus and firewall protection should be installed on the home or business computer".

ZDNet Australia  asked Ben English, Microsoft's security lead, this week, whether the preponderance of social engineering scams was eroding consumer confidence in activities such as online banking. He told your writer that if people "practise safe browsing, then the threats are manageable".

The ABA and its member banks will be keenly hoping that their efforts preserve customer confidence in online banking. However, the jury is still out on what confidence levels will be like as the level and sophistication of online crime increases.

What do you think? Is Internet banking under threat from rampant online identity theft? Are vendors and security experts expecting too much from consumers in keeping their anti-virus and anti-spam software and firewalls up to date? E-mail us at edit@zdnet.com.au and let us know.