Private banks and wealth managers need to more to protect personal data via their public websites, research suggests

News - Banking

Written by Jade Stewart

Wednesday, 10 March 2010 09:18

The majority of private banks and wealth managers show little regard for the protection of personal data on their public websites, according to a new survey.
Some 61% of banks do not offer secure web messaging and nearly 60% do not give privacy warnings to users of their website about sending unprotected emails to recipients at the bank, the research from Swiss research group MyPrivateBanking has found.

The research comes at a time when concerns are being raised by wealth managers and others about Germany’s decision last month to purchase stolen information on confidential Swiss bank accounts held by its citizens, despite the possible legal and diplomatic challenges that would ensue.

‘Thousands of private banking clients have suffered recently from the disclosure of sensitive personal data,’ said Steffen Binder, research director of MyPrivateBanking.

‘Many clients have become concerned about confidentiality and privacy protection, making it all the more surprising that in reality the majority of these websites are insecure and potentially subject to eavesdropping attacks that can let intruders gain access to sensitive information,’ he added.

Online communication is of increasing importance to the 195 websites in the 17 most important bank markets in the world surveyed for the research and offered by most. More than half of banks offered a web based contact form for users of their public website, but more than 60% did not use the secure HTTPS protocol, according to the survey.

Nearly 60% of websites offered one or multiple email addresses to send messages to recipients at the bank, but only a minority of 41.2% made a statement to users about the risk involved in sending simple emails. Nearly 60% did not give any warning to website users, not even in the privacy policy on their website.

For assessing the level of privacy MyPrivateBanking looked at the two major means to transmit messages via the public website of a bank. First, it was checked whether the bank offers encrypted messaging via the secure HTTPS. Without HTTPS, a message that is transmitted via a website can be easily intercepted.

Then it examined whether in the case of contact email addresses published on the website, the bank explicitly warns their website users about the risks of email transmission. This could be done in an explicit privacy policy on the website or directly, on the contact page of the bank.

‘More than ever banks need to focus very carefully on their online privacy reputation as this is an important asset for building trusting client relationships. Consequently private banks and wealth managers should make privacy protection on the web a high priority item for the management and offer HTTPS protected contact forms and explicit data security warnings on all relevant pages of the website,’ said Binder.

‘But not only banks and wealth managers have to be more sensitive to the risks of online communication. Users have to be aware that the Internet is an un-policed open space and avoid sending information via regular e-mail or through web contact forms, except those that are HTTPS protected. By explicitly pointing out the security features of their websites banks will make it easier for users to develop trust and lower the hurdle for online contact,’ he added