June 24, 2008
Non-Bank Online Personal Finance Sites Offer Look into Future of Online Banking, But Open the Door for Identity Theft
A new crop of nonbank online personal finance sites combining traditional account aggregation services with Web 2.0 concepts is garnering considerable attention from the media and gaining users. The sites provide a novel approach to aggregating and managing multiple aspects of an individual's financial life online. However, new TowerGroup research finds that they are often missing one critical component - adequate fraud prevention capabilities to protect both the consumer and the bank from account takeover and identity theft.
The host of online personal finance Web sites that have emerged in recent years - including such names as "Banzai", Mint, and Wesabe - leverage intuitive user interfaces to offer personal financial management (PFM) tools, some level of financial advice, and, in many cases, social interaction. In contrast to the online account aggregation services offered by several large traditional banks, these new sites leverage consumers' propensity for online interaction and information sharing to provide services and insights beyond those of most online banking portals. The services include innovative ways to view personal financial information, the opportunity to see how others manage and spend their money, and, in some instances, free financial advice from experts or the user community at large.
However, Tubin cautions that most of the new sites pose a security risk because they protect the user's information with only a username and password - a method known as single-factor authentication. TowerGroup believes that these nonbank online personal finance sites will likely become the next target of phishers and other fraudsters looking to gain easy access to consumer banking data to commit bank fraud - particularly given that most bank sites have already moved to multifactor authentication and aggressive consumer education concerning security.
New online personal finance sites must comprehend the sensitive nature of their customer data and bolster their current data and Web security capabilities with stronger online authentication technologies. In addition, TowerGroup believes that the Federal Trade Commission (FTC) should consider adopting regulations and guidance imposed by the federal banking regulators, specifically the 2005 FFIEC guidance regarding online authentication, relative to the governance of these and other online sites.
"Notwithstanding the security concerns, TowerGroup believes that consumer banks will watch this market space closely, and will either adopt similar capabilities or partner with new independent players or acquire them," added Tubin. "Bringing together the fresh approach of these new online personal finance sites with banks' traditional product, service, and security capabilities could lead to a compelling new combination currently unmatched in the industry."
The new research, titled, "The Impact of Online Personal Finance Offering: The Good, the Bad, and the Ugly," explores the consumer benefits and security issues of the new online personal finance offerings - as well as their expected impact on traditional financial services players like banks. The research report is available to qualified members of the press for review. To request a copy or to arrange an interview with Tubin, please contact Jorge Lavina at +1-917-595-3047 or [email protected]
At TowerGroup, Mr. Tubin's research focuses on consumer online banking, fraud and identity theft prevention, information security strategy, and customer authentication as well as mobile banking and contact center strategies and technologies.
About TowerGroup: TowerGroup is the leading research and advisory services firm focused exclusively on the financial services industry. A respected source for trusted information and advice, TowerGroup brings many of the world's leading financial institutions, technology companies, and professional services firms a deeper understanding of the business and technology issues impacting their organizations. Headquartered near Boston in Needham, Massachusetts, and with offices in North America and Europe, TowerGroup serves a global client base. Visit www.towergroup.com for more information.