Around two thirds of Internet users are putting themselves at risk of fraud by using their online banking credentials on other sites, according to e-security vendor Trusteer.
The firm's findings, based on a sample of more than four million users of its Rapport browser security service in North America and Europe, shows that 73% of bank customers use their online account password to access other sites. Nearly half - 47% - use both their online banking user ID and password to login elsewhere on the Internet.
Trusteer says criminals often look to steal login details from Web sites that are less secure than those run by banks. Therefore, people who use the same credentials for multiple sites, are exposing themselves to account hijacking and fraud.
The research reveals that when a bank allows users to choose their own user ID, 65% share it with non-financial sites. In contrast, when banks choose the IDs for their customers, only 42% use them at other sites.
Amit Klein, CTO, Trusteer, says: "Using stolen credentials remains the easiest way for criminals to bypass the security measures implemented by banks to protect their online applications, so we wanted to see how often users repurpose their financial service usernames and password. Our findings were very surprising, and reveal that consumers are not aware, or are choosing to ignore, the security implications of reusing their banking credentials on multiple websites."