Research reveals Brits expose themselves to fraud by having the same password or worse – writing it down – but over three-quarters are happy for banks to capture biometric data to protect their finances

HIGHLIGHTS:

• Over 1 in 5 Brits have just 2-5 passwords they re-use across ALL financial accounts
• 1 in 20 Brits admit to using just one password for all accounts while nearly 1 in 5 write down all their passwords
• Under half (40 percent) are prepared to use username and password for logging into banking apps
• Nearly three quarters (71 percent) are happy to provide a biometric to their bank for security purposes and allow their bank to access and analyse the way they hold their mobile phone or type in their password to protect their account (70 percent)

New independent data for FICO, a global leader in analytics software, reveals that despite universal consumer advice that one password for all financial accounts is equivalent to leaving the front door open, only 40 percent of Brits have separate passwords for each of their financial accounts. Nearly one in five Brits write down all their passwords, another security no-no. On a brighter note, there is wide acceptance of advanced security options such as biometric data to protect financial accounts.

For more information visit https://www.fico.com/blogs/fico-digital-banking-study-security-and-authentication-digital-world

The FICO Consumer Digital Banking study found a large percentage of Brits currently do not take the necessary steps to protect their passwords and logins online.  This is especially worrying since the onset of COVID-19, as the majority of financial transactions have gone digital.  It seems that the youngest generation – 18-24-year olds – are the most likely to have just one password for all accounts (8 percent). This age group is also the least likely to have 10 or more passwords for their accounts (10 percent).

Middle aged Brits (45-54-year olds) are the biggest culprits of having just 2-5 passwords which they use across all financial accounts (28 percent). Perhaps dispelling ageist perceptions, the 55+ age group are the greatest advocates of having separate passwords for every account (41 percent), albeit that is only 1 percent above the national average.

Remembering passwords is another security weakness revealed by the FICO research:

• Only 18 percent claim to use recommended password management software
• 18 percent also admitted to writing their passwords down.
• 42 percent claimed to be able to remember their passwords. However, acknowledged forgotten usernames and passwords are a regular pain point.
• Nearly a quarter (24 percent) reported that they abandoned an online purchase because of forgetting their username or password. A similar percentage have been unable to check an account balance.
• Forgotten usernames and passwords have stopped 15 percent from opening a new account with an existing provider.

“Forgotten usernames and passwords can result in online purchases being abandoned; they even impact new account openings with existing providers,” said Sarah Rutherford, identity solutions expert, FICO. “It’s important that consumers are given the confidence that transactions can be completed swiftly without any increased risk to security by using biometrics, especially with consumer behaviours switching to digital channels as a consequence of COVID-19. Fortunately, our survey showed that a move towards more secure authentication methods has positive support from consumers.”

When logging into their bank via mobile app, over half (53 percent) are prepared to use a one-time passcode (OTP) by SMS when security checks are required. However, this method has its own weaknesses as 17 percent believe their bank account provider does not have their current mobile phone number. And less than half say their bank has their correct home phone (landline) number. This means that, just as online payments are becoming the norm for most Brits, for as many as 1 in 6, authentication for online payments including those by debit card could fail.

The good news is that biometric methods are now being widely accepted for security. 71 percent are happy to provide their bank with a biometric. And for logging into a banking app, 48 percent said they would be happy to use a fingerprint scan, 25 percent a facial image and 23 percent a voiceprint.  Only 13 percent think that a bank should never capture a biometric.

Most people (78 percent) also accept banks’ analysing their device settings for security purposes. 70 percent also accept the use of behavioural biometrics such as analysis of the way they hold their phone or type in their password.

“Whilst our research was conducted just before the COVID-19 lock-down, the findings send a very clear message that UK consumers understand the greater security benefits of biometrics over passwords,” commented Rutherford.  “Since face-to-face interactions are likely to be reduced for some time to come, it is crucial for consumers and financial institutions to have mutual respect for the benefits biometrics deliver – not just for security but in terms of removing the delay and friction from financial transactions.

“Consumers don’t generally manage their passwords well, so biometrics offers a far more simple and secure way to verify a person’s ID. Some banks are already using biometric ID as digital account opening becomes the norm, and this is set to grow as they strengthen their ID verification processes. And financial institutions should be reassured that, when it comes to providing a biometric for security purposes, people are much happier to provide one to their bank, at 71 percent, than to a government agency at 29.5 percent.”