Privacy Vulnerable On Private Banking Websites: MyPrivateBanking

MyPrivateBanking research has found that most Private Banking websites do not offer a safe data transmission. The survey included 195 websites in the 17 most important banking markets.

The majority of Private Banks and Wealth Managers worldwide show little regard for the protection of personal data on their public websites. MyPrivateBanking Research surveyed 195 websites in the 17 most important banking markets and found that 61 percent of the banks do not offer secure Web messaging. Almost as high, at 59 percent, is the proportion that do not give privacy warnings to users of their website about sending unprotected e-mails to recipients at the bank.

“Thousands of Private Banking clients have suffered recently from the disclosure of sensitive personal data,” states Steffen Binder, Research Director of MyPrivateBanking. “Many clients have become concerned about confidentiality and privacy protection, making it all the more surprising that in reality the majority of Private Banking and Wealth Management websites are insecure and potentially subject to eavesdropping attacks that can let intruders gain access to sensitive information.”

Overall, the research showed that online communication is of increasing importance to Private Banks and Wealth Managers and offered by the vast majority of the providers. Of the surveyed banks only 10 percent offer telephone numbers as the sole means of contact, while 35 percent offer e-mail contacts, 31.3 percent have a contact form and 23 percent offer both means of online contact.

For assessing the level of privacy, MyPrivateBanking Research looked at the two major means to transmit messages via the public (not password protected) website of a bank. First, it was checked whether the bank offers encrypted messaging via the secure HTTPS (Hyper Text Transfer Protocol Secure). Without HTTPS, a message that is transmitted via a website can be easily intercepted. Second, whether in the case of contact e-mail addresses, published on the website, the bank explicitly warns their website users about the risks of e-mail transmission. This could be done in an explicit privacy policy on the website or directly on the contact page of the bank.

The results are the following: No secure contact form: 61.3 percent (65 of 106 providers); no privacy warning on e-mail security: 58.8 percent (67 of 114 providers).

In total 54.4 percent of banks offered a Web-based contact form for users of their public website. However, looking on the websites of these banks, we found that more than 60 percent did not use the secure HTTPS protocol. Even more Private Bank websites (58.5 percent) offered one or multiple e-mail addresses to send messages to recipients at the bank. Of these, only a minority of 41.2 percent made a statement to users about the risk involved in sending simple e-mails. The majority of banks (58.8 percent) did not give any warning to website users – not even in the privacy policy on their website.

MyPrivateBanking Research recommends that more than ever banks need to focus very carefully on their online privacy reputation as this is an important asset for building trusting client relationships. Consequently, Private Banks and Wealth Managers should make privacy protection on the Web a high priority item for the management and offer HTTPS-protected contact forms and explicit data security warnings on all relevant pages of the website.

But not only banks and wealth managers have to be more sensitive to the risks of online communication. “Users have to be aware that the Internet is an un-policed open space and avoid sending information via regular e-mail or through Web contact forms, except those that are HTTPS protected,” explains Christian Nolterieke, Managing Director of MyPrivateBanking. “By explicitly pointing out the security features of their websites, banks will make it easier for users to develop trust and lower the hurdle for online contact.”