Non-bank personal finance Web sites put customers at risk with lax security and should be made to adhere to the same regulations as traditional online banks, says a new TowerGroup report.
Sites like Mint and Wesabe are not adequately protecting customers from account hijackers and identity theft because they only offer single-factor authentication - user names and passwords, says the report.
TowerGroup says it believes these non-bank sites will become a major target for phishing fraudsters, particularly as most bank-operated sites require customers to use multifactor authentication.
Personal finance sites must comprehend the sensitive nature of customer data and bolster current data and Web security capabilities with stronger online authentication technologies, says TowerGroup which is calling for the US Federal Trade Commission (FTC) to consider imposing the same regulations that bank have to comply with - specifically the 2005 FFIEC guidance regarding online authentication.
Despite the security concerns, sites like Mint and Wesabe have proved successful in combining traditional account aggregation services with Web 2.0 features, and attracting a new generation of savvy online consumers.
"By incorporating state-of-the-art Web technologies and community-sharing features like Web forums and blogs, these sites seek to tap into individuals' desire to interact, share, learn, and belong to a like-minded community," says George Tubin, senior research director, delivery channels and financial information security practices, TowerGroup.
This enables them to offer customers innovative ways to view personal financial information and the opportunity to see how others manage and spend money. Customers can also receive free financial advice from experts or the user community.
Tubin predicts traditional online banks will now look to introduce similar features, either on their own or through tie-ups.
"Bringing together the fresh approach of these new online personal finance sites with banks' traditional product, service, and security capabilities could lead to a compelling new combination currently unmatched in the industry," says Tubin.
The popularity of Web 2.0 was demonstrated earlier this year when a poll of 1000 Facebook users aged between 18 and 34 by WorkLight found that 48% of respondents would take advantage of online banking with Web 2.0 gadgets if their banks offered the service, while one in four would consider leaving their bank in order to obtain online banking through networking widgets.
In 2006 research group Gartner called on financial services firms to use Web 2.0 applications such as wikis, podcasts and blogs in order to improve cross-enterprise collaboration and deliver personalised information to clients. But research conducted last year by IT specialist Conchango found fears over brand damage are preventing the UK's major retail banks and building societies from implementing such applications.