BoI anti-phishing push as online transactions rise

25 Jan 2005

Bank of Ireland (BoI) has said that it is constantly warning its customers of the dangers of phishing scams; the company made the statement as it revealed figures showing that record number of users accessed its online business banking facility last year.

Ken Slattery, head of payments and electronic services with BoI, confirmed that security was continuously under review. “It’s of paramount importance to us,” he told “We’re constantly warning our customers against phishing … the bank will never ever ask you for your username and password.” Phishing scams hit the headlines last year as fraudulent emails purporting to come from banks attempted to trick users into revealing their passwords or other sensitive information. Some reports in the UK have suggested that users are not convinced that their banks are doing enough to combat the problem.
BoI’s 70,000 business customers use digital certificates to authenticate themselves before they can access the online services. This is a more secure method than usernames and passwords that could be compromised. Digital certificates authenticate both parties in a transaction, ensuring that it is legitimate. “The difference between business and consumer services is that we protect the transaction through digital certificates. The [business] customer is issued with a digital certificate from the bank,” said Slattery.

He pointed out that the bank has used digital certificates for its Business Banking services “since day one” and they had not been rolled out in response to specific security concerns. “The first time it’s issued, there’s a member of the bank’s staff on the customer premises, so you can’t give it to the wrong person,” he explained. Business customers can download further versions of the certificate at a later date as needed.

The logistical aspect to this service probably militates against digital certificates being given to consumer users in the short term, Slattery acknowledged. “A consumer has the flexibility to use internet cafes to check their bank balance online or to do it from home; a company has its PCs on its premises and the digital certificate gets downloaded on to those PCs. Consumers are more likely to be moving, so we have to balance customer service and flexibility with security and that’s the challenge.”

One possible solution would be to distribute digital certificates on USB keys, which would allow users to carry them and access the service no matter what computer they were using. Another option could be some kind of biometric identification; according to Slattery, this technology is “on the radar” of the wider banking industry. “I would be surprised if we didn’t see biometrics in this space within three to five years,” he said.

The bank revealed that in 2004, almost five million instructions and 35 million online transactions were recorded from 70,000 registered business users. The figures show the highest increase in online banking by the small business sector. The number of these customers using the Business Online service grew by more than double in the past 12 months.

Small businesses can achieve significant savings by banking over the internet, said Slattery. They could reduce the cost of their routine branch transactions by up to 76pc. Four fifths of BoI’s larger customers now transact online and now SMEs are starting to follow suit, he added.

Despite efforts by the Government to automate payments, Irish SMEs still write high volumes of cheques, Slattery indicated. “Although the level has been dropping, there has not been the dramatic decrease that other European countries have experienced. One key factor that will facilitate this change and continue the surge in online banking experienced in 2004 will be increased availability of broadband,” he suggested. Looking ahead, Slattery said he expected the bank’s online business service to grow by between 10pc and 20pc in the coming year.

By Gordon Smith