A test conducted by Kaspersky Lab has shown that many users do not know (or know, but do not follow) basic security rules when making online payments or using online banking systems. For example, only half of users check if a website is authentic before entering their financial details, while almost a third consider it completely unnecessary to take any measures to protect their money online.
The test, conducted online, included a number of potentially dangerous situations that users often encounter on the Internet, including online financial operations. Over 18,000 users completed the test.
Participants were asked to select one of four fictitious banking sites to enter their account details. Only half of the participants were able to recognize the truly secure site with an unmodified name (changes to an organization’s name are a common giveaway of phishing) and the https prefix indicating an encrypted connection. Moreover, 5% of respondents selected sites with a misspelt address, a sign that such pages are potentially fake and were created to steal financial data from users.
Users were then asked what steps they would take before entering their financial data to make an online payment. Only 51% of respondents said they verify the authenticity of a site. 21% of those surveyed use a virtual keyboard to protect their passwords from interception by malware, while 20% check their security solution is working properly to ensure the payment is secure from any outside interference.
Almost a third of users (29%) said they would take no additional action because "the websites of big, well-known companies are sufficiently protected". However, in most cases even a protected site cannot guarantee that cybercriminals will not interfere in the payment process or that a device is not infected by a malicious program designed to steal money. 11% of respondents would use "incognito" mode to protect a payment, 4% would resort to an anonymizer, and 7% of those surveyed would repeatedly enter and wipe the data "to confuse viruses". Unfortunately, these actions do nothing to protect a user’s financial information.
It turned out that some users were just as careless about protecting their payment details in the real world: 20% see no problem in letting their bank card out of their sight when paying in a restaurant, thereby giving fraudsters a chance to make a copy.
"These figures reinforce what has long been observed that many users still are not only endangering themselves and their money but also the banking and payment system businesses they use. Dealing with incidents, even if they are caused by inexperienced users, can consume considerable resources and have a negative impact on a company’s reputation. User confidence in companies doing everything possible to protect them from online fraud imposes a great deal of responsibility. That means the use of specialized security against online theft is becoming a necessity," says Ross Hogan, Global Head of the Fraud Prevention Division at Kaspersky Lab.
The Kaspersky Fraud Prevention platform allows banks to protect financial data and prevent fraud even if users are careless when dealing with money online. The bank has the option of installing a protection solution directly on customer devices, including mobile devices, or using platform components that can remotely detect if a device is infected by malware designed to steal money.
For their part, users, especially the less cyber-savvy, should install solutions providing additional protection for online payments, such as the Safe Money technology for Windows and Mac OS X integrated in Kaspersky Internet Security – Multi-Device and Kaspersky Total Security – Multi-Device. This technology goes beyond the standard protection from online threats and creates a special secure environment, inaccessible to fraudsters, in which to conduct financial operations.