Ng added that the growth of 3G and GPRS usage would also encourage more mobile banking usage, a trend which might help drive e-cert adoption "as the advanced devices can easily have the e-cert embedded."

The phish factor

Leung said that his bank only endorses Microsoft's Internet Explorer browser, as he feels there are security issues with Firefox (IE's main competitor, although there are several other web browsers on the market). But the BofA CIO said that phishing represents a bigger security risk. While he is not aware of any successful phishing attempt ever occurred at the Bank, Leung added that even if bogus high-risk transactions can not be completed, personal data such as usernames and passwords can be compromised if the bad guys succeed in fooling Netizens.

And he's seen phishing attempts made on his bank's homepage. "One of the interesting aspects is that the fake page was made in the USA, and doesn't use a double-byte character set-so the button that says "Chinese-version" in Chinese characters displays as a double question-mark," he noted. However, Leung said that Netizens should always be vigilant against phishing attempts. "I've seen 'bank0famerica' and 'bankofamerca' used as URLs," he said. "One character will be off and people might not notice that the URL is wrong." As always, online banking customers should never click on embedded hyperlinks, and remain vigilant about phishing schemes.

"Security is still the top priority for us," concurred Ng. "We see more and more standardization across systems and networks which makes the environment much more open to attacks from outside...I think we have to go back a little and start separating the network into different access layers or zones, one layer for internal applications for key business users [and a] public network for internal users with low-level access to systems and information as well as for public or partners and other visiting parties."