A test conducted by Kaspersky Lab has shown that many users do not know (or know, but do not follow) basic security rules when making online payments or using online banking systems.

For example, only half of users check if a website is authentic before entering their financial details, while almost a third consider it completely unnecessary to take any measures to protect their money online.

The test, conducted online, included a number of potentially dangerous situations that users often encounter on the Internet, including online financial operations. Over 18,000 users globally completed the test.

Participants were asked to select one of four fictitious banking sites to enter their account details. Only half of the participants were able to recognise the truly secure site with an unmodified name (changes to an organisation’s name are a common giveaway of phishing) and the https prefix indicating an encrypted connection. Moreover, 5% of respondents selected sites with a misspelt address, which suggests they are potentially fake pages created to steal financial data from users.

Users were then asked what steps they would take before entering their financial data to make an online payment. Only 51% of respondents globally said they verify the authenticity of a site. While 21% of those surveyed use a virtual keyboard to protect their passwords from interception by malware, 20% check their security solution is working properly to ensure the payment is secure from any outside interference.

Almost a third of users (29%) said they would take no additional action because “the web sites of big, well-known companies are sufficiently protected”. However, in most cases even a protected site cannot guarantee that cybercriminals will not interfere in the payment process or that a device is not infected by a malicious program designed to steal money.

The test also showed that 11% of respondents would use “incognito” mode to protect a payment, 4% would resort to an anonymiser, and 7% of those surveyed would repeatedly enter and wipe the data “to confuse viruses”. Unfortunately, these actions do nothing to protect a user’s financial information.

It turned out that some users were just as careless about protecting their payment details in the real world: 20% see no problem in letting their bank card out of their sight when paying in a restaurant thereby giving fraudsters a chance to make a copy.

“These figures reinforce what has long been observed that many users still are not only endangering themselves and their money but also the banking and payment system businesses they use,” says Ross Hogan, global head of the Fraud Prevention Division at Kaspersky Lab. “Dealing with incidents, even if they are caused by inexperienced users, can consume considerable resources and have a negative impact on a company’s reputation. User confidence in companies doing everything possible to protect them from online fraud imposes a great deal of responsibility. That means the use of specialised security against online theft is becoming a necessity.”