Financial Services Web Sites Fall Short
Top financial services companies' Web sites need work if they are to succeed as a channel promoting acquisition and retention of customers, as well as venues for cross-selling products, according to a study conducted by IBM Corp. (Armonk, N.Y.) and Watchfire Corp., a Kanata, Ontario-based e-commerce software and services vendor.
The study was conducted by visiting the Web sites of the 242 financial services companies on Business Week's Global 1,000 list and scanning as many as 3,000 links on each site, using Watchfire's Online Business Management software. Among the findings: 53 percent of the companies had at least one occurrence of collecting personal information in a Web form without linking to its privacy policy; 91 percent supported less than 128-bit SSL encryption; and more than 40 percent had at least one expired digital certificate. The study also found that the vast majority of sites were inaccessible to the disabled or those using devices other than a standard Web browser, had an abundance of broken links and were rife with spelling errors and other typographical problems, such as missing titles.
The objective of the study was to identify problems that negatively affect the customer experience, raise security issues or violate regulatory compliance demands, according to Mike Weider, CTO, Watchfire. "Quality-related problems, such as broken links, may not get you thrown in jail, but they definitely frustrate customers," he says. "But there are also regulatory issues. For example, under Gramm-Leach-Bliley, you must provide notice [of your privacy policy] at the point of collection of any kind of personal information."
As financial services companies increase their adoption of the online channel, they face a challenge in securing customer trust. "Customers are worried about identity theft and other problems they associate with the Web, and they want to know that the sites they're doing business with are treating their information with respect," says Weider.
While there's always room for improvement, the presentation of the study's findings overstates the case somewhat, says Manuel Barbero, technology group leader, financial services, BearingPoint, a McLean, Va.-based business consulting, systems integration and managed services firm. "Based on my experience with Fortune 100 firms, the large financial institutions have done an excellent job," he says. "The vast majority of organizations have set up compliance mechanisms and processes-they're aware of what has to be done and they're implementing it."
The problem of encryption is more theoretical than actual, Barbero says. "Even to crack things at the 64-bit level requires a concerted effort with considerable computing power," he says. "Plus, there's an easy fix, which is to adopt the encryption with a longer key," such as adopting the 128-bit standard.
Regarding the study's findings on digital certificates, Barbero says the companies' performance is "imperfect, but I don't think that security officers should lose too much sleep over it."
Could Be Worse
John Brahy, director of research and development at ad2, a Santa Monica, Calif.-based company that crafts customer-facing IT solutions for businesses, says, "I think it's a good thing that the issues the study raises are not complicated. They could be much worse."
Brahy regards the IBM/Watchfire findings as more useful as "a usability study than a focus on security." Faults such as broken slinks and slow pages will drive people away from companies' sites, he says. "And spelling errors create a huge problem with credibility for financial institutions. It makes customers wonder if companies' staffs are competent."
Anthony O'Donnell has covered technology in the insurance industry since 2000, when he joined the editorial staff of Insurance & Technology. As an editor and reporter for I&T and the InformationWeek Financial Services of TechWeb he has written on all areas of information ... View Full Bio
Tweet This