Fears about online banking scams have prevented many customers in Ireland from ending their love affair with cash and cheques, writes Síle McArdle.
IRELAND has been slow to embrace internet banking - an interesting reluctance compared with our 121 per cent mobile phone penetration rate and 25 million texts every day.
According to the latest Eurostat figures, just 42 per cent of Irish internet users aged between 16 and 74 used online banking last year, two per cent below the EU average and half that of the highest-rated nation, Finland.
"We are clinging to old-fashioned things like cheques and cash," says Tom Conlon, director of Bankhawk Banking Advisors. "Some people fear they're not fully in control when it comes to internet banking."
Conlon believes Ireland can learn a lot from Scandinavian countries, where online payments generate an invoice which needs authorisation - keeping the customer in the loop every time.
Cheques and cash, it seems, are an expensive indulgence, costing the economy about €1.4 billion per annum according to Úna Dillon, head of card services and communications at Ipso (Irish Payment Services Organisation).
Fergal O'Byrne, chief executive of the Irish Internet Association, says banks are extremely proactive about fraud. Transaction processes over the internet are technically sound and use high levels of encryption, he points out.
And the banks are keen to stress their stake in keeping the internet secure: they conduct regular system reviews, liaise with agencies such as the Irish Banking Federation's high-tech crime forum, and post user guidelines online. They also invest heavily in relevant technology to guard all forms of internet connections.
"Bank of Ireland has over 72,000 registered online customers and 365 Online has never experienced a breach of internet security," says Mary Brennan, group corporate communications at BoI.
In fact online banking security breaches here to date have exclusively been as a result of "phishing" scams. These are authentic-looking e-mails or pop-up windows sent to trick customers into giving sensitive bank information to fake websites so fraudsters can steal from their accounts or commit identity theft. But legitimate businesses will never contact you in this way, so the simple solution is this: never reply, never click on attachments or links, and always tell your bank what happened.
"Customers of Irish banks are being hit by up to 300 phishing attacks a day," says Ronan Sheridan, group press officer with AIB, which with more than 500,000 customers, claims Ireland's biggest online share. "AIB has had a small number of reported frauds, whereby customers have responded to a phishing e-mail and their accounts have been compromised. But the number of cases has been minimal relative to the level of usage."
Even though customers are technically to blame, banks are carrying the can. "Losses in Ireland due to phishing were in the region of €400,000 in 2007," says Úna Dillon of Ipso, adding that it was all refunded.
So how can the net be tightened on phishing? Hand-held codegenerating or card-reading devices which create unique transaction passwords in addition to log-in passwords and Pins are favoured by Rabobank, AIB and, most recently, Ulster Bank. Banks using this two-factor authentication approach believe it can also beat the other major dangers - Trojans or spyware.
"Banks that still rely on static passwords and Pins as forms of access are entirely vulnerable to keystroke-logging and phishing attacks," says Greg McAweeney, general manager of RaboDirect, the online arm of Rabobank, which has introduced a Digipass. "We have been critical about Irish banks' slow adoption of two-factor authentication. But we are pleased to see that some - sadly, not all - are following."
So with financial institutions increasingly on top of security, the focus is on enticing more customers into the online banking system and ending our costly love affair with cheques and cash.
