BEDFORD, Mass. ? A consumer survey by RSA Security shows 73 percent of bank account holders believe their financial institutions should replace username-and-password log-in with stronger authentication for online banking, while 89 percent would like their banks to monitor online banking for irregular activities, what the credit card companies now do.

In the survey, conducted in Nov. 2005 among 402 U.S. adults, some 59 percent would like their bank to contact them when something suspicious is detected, 79 percent of account-holders are less likely to respond to an e-mail from their bank due to scams including phishing, while 65 percent of account-holders have seen either ‘a slight increase’ or ‘no change’ in the amount of phishing e-mails they have received.

The RSA Cyota Anti-Fraud Command Center, which scans over 1 billion e-mails per day confirms: the number of phishing attacks has remained close to 2,500-3,300 attacks per month for the last eight months, with only a small increase each month.

“It is important to preserve the speed, simplicity, ease of use and convenience of the online banking channel. Consumers seem to feel comfortable with the notion of their financial institution monitoring their online activity and contacting them when something suspicious is detected, just as they’ve become accustomed to for years in the credit card space” said Chris Young, senior vice president and general manager of RSA Cyota Consumer Solutions.

When asked for their views on online banking authentication, 73 percent of respondents answered that they feel banks should use some kind of stronger authentication than basic and static usernames-and-passwords for online banking. When presented with several options, including hardware tokens, watermarks for mutual authentication, and risk-based authentication, the majority of respondents (74 percent) selected risk-based authentication as their preferred method.

Risk-based authentication involves a behind-the-scenes assessment of the user’s identity based on factors including log-on location, IP address and transaction behavior – which can be supplemented with out-of-band phone calls or secret questions for transactions that are deemed high-risk.

The survey showed 43 percent responded that they would use a token if the bank provided one for free, while 55 percent responded that they would like to use a watermark for reverse authentication; 46 percent felt that it is most important to see the watermark on any computer they log-in from, and not just their primary computer.

The survey also shows that account-holders are looking to their banks and their ISPs to protect them from phishing: 45 percent of account-holders feel that an ISP blocking service for phishing would be effective, and 68 percent would like their ISP to offer such a service.

The surveys mentioned were commissioned by Cyota prior to the RSA Security acquisition in December 2005, and administered by Infosurv, an online market research company. The statistical accuracy is plus or minus 4.89 percent, giving the survey a 95 percent confidence level.