The research surveyed 195 websites in the 17 important banking markets and found that 61% of the banks do not offer secure web messaging. Almost as high, at 59%, is the proportion that do not give privacy warnings to users of their website about sending unprotected e-mails to recipients at the bank.
Overall the research showed that online communication is of increasing importance to private banks and wealth managers and offered by the vast majority of the providers. Of the surveyed banks only 10% offer telephone numbers as the sole means of contact, while 35% offer e-mail contacts, 31.3% have a contact form and 23% offer both means of online contact.
For assessing the level of privacy, MyPrivateBanking research looked at the two major means to transmit messages via the public (not password protected) website of a bank. First, it was checked whether the bank offers encrypted messaging via the secure HTTPS (Hyper Text Transfer Protocol Secure). Without HTTPS, a message that is transmitted via a website can be easily intercepted.
Second, whether in the case of contact e-mail addresses, published on the website, the bank explicitly warns their website users about the risks of e-mail transmission. This could be done in an explicit privacy policy on the website or directly, on the contact page of the bank.
In total 54.4% of banks offered a web-based contact form for users of their public website. However, looking on the websites of these banks, research has noticed that more than 60% did not use the secure HTTPS protocol. Even more private bank websites (58.5%) offered one or multiple e-mail addresses to send messages to recipients at the bank. Of these, only a minority of 41.2% made a statement to users about the risk involved in sending simple e-mails. The majority of banks (58.8%) did not give any warning to website users not even in the privacy policy on their website.
MyPrivateBanking Research recommends that more than ever banks need to focus very carefully on their online privacy reputation as this is an important asset for building trusting client relationships. Consequently private banks and wealth managers should make privacy protection on the web a high priority item for the management and offer HTTPS-protected contact forms and explicit data security warnings on all relevant pages of the website.
Steffen Binder, research director of MyPrivateBanking, said: “Thousands of private banking clients have suffered recently from the disclosure of sensitive personal data. Many clients have become concerned about confidentiality and privacy protection, making it all the more surprising that in reality the majority of private banking and wealth management websites are insecure and potentially subject to eavesdropping attacks that can let intruders gain access to sensitive information.”
Christian Nolterieke, managing director of MyPrivateBanking, said: “Users have to be aware that the internet is an un-policed open space and avoid sending information via regular e-mail or through web contact forms, except those that are HTTPS protected. By explicitly pointing out the security features of their websites banks will make it easier for users to develop trust and lower the hurdle for online contact.”