Financial News

Message Boards Property Pensions Savings Utilities UK Stocks Investments clear all debts then save or both? Split in assets... Gold Shares Liquidity or Solvency? GaBumping when is the best time to SPEND View boards: Your Money UK Stocks Also on Yahoo! Finance Mortgages Insurance Loans Credit Reports Credit Cards Banking Savings Cut Your Bills Mortgage articles Can you trust a new build home? Save £962 On Your Mortgage Help Is At Hand For First-Time Buyers! House Price Falls: The Winners And Losers View archive Personal finance articles Civil partnership or cohabiting - your rights Three cheers for the credit crunch How much more will your holiday cost? National Savings - safe but not sexy View archive Investment articles Volatility guaranteed, if nothing else Fall bar none Asian growth to offset US slowdown A mixed first half View archive

By Emma Tyrrell

The high street banks think we're a pretty lazy and stupid lot, and since millions of us claim to be fed up to the back teeth with their poor rates and shoddy service, yet can't be bothered to switch accounts, they may have a point.

Of course, banks like lazy and stupid customers – they're the best kind. Those annoying consumers who refuse to put up with poor service and like to shop around for the best possible deals, just don't care that they are dashing the poor chief executive's bonus hopes in the process (poor love).

But when it comes to protecting ourselves, and the banks, from internet fraud, suddenly our being lazy and stupid becomes a bad thing.

A new report from Lloyds TSB internet banking says a fifth of us have chosen online shopping and banking passwords as obvious as our own names, while nearly three-quarters of us admit to using the same password for several different websites. Apparently 17 per cent of us use pet names, 12 per cent use our surnames, and 8 per cent of us use our first names. Another six per cent use our partner's name, while 7 per cent use our birthdays, and a further six per cent our place of birth.

Once we've decided on our passwords, one in five of us save them on our computers, allowing easy access for hackers, while third write security details down. One in 10 of us have given our passwords to a friend or relative.

Lloyds TSB purses up its lips at this point, and comes on all schoolmarmish, warning that we are just making things easy for the fraudsters. We'll only have ourselves to blame when the thieves empty our accounts and max out our credit cards, basically.

If we had any sense, we'd choose hard to guess passwords, using a combination of letters and numbers, and change them regularly. We would then cunningly commit them to memory, keeping no records and telling no-one else.

Now I've got three current accounts, four credit cards, three savings accounts and two mortgage accounts, spread across different financial institutions. When you add in shopping websites and memberships of places like Ebay and hotmail, I reckon I must need a couple of dozen passwords, easy. If I used unique passwords and changed them every few months, I could quite easily get through 100 passwords a year.

If I had enough brain capacity to remember all those, I'd be immensely rich and successful, and would have a private banker who I would employ simply to remember all my passwords. Doh! I'm not supposed to tell anyone!

The sad reality is that most of us can't remember all those passwords, which is precisely why we do write them down, opt for easy to remember names, or choose the same security details for all our accounts.

One friend of mine is constantly forgetting the many fiendishly complicated passwords and user names he has chosen for his myriad accounts, with the result that he is forever having to ask for password reminders to be emailed to him. Unfortunately he is also notoriously bad at deleting his emails, so it wouldn't take much nouse for a hacker to run down his list of mails and pick up all his passwords.

One way of cutting through your maze of different banking passwords is to use an account aggregation service, such as those provided by Citibank, Egg, First Direct, or Moneysupermarket.

These allow you to access all your online financial accounts, from different providers, with one set of security details. This means you could view your current account balance, savings accounts details, mortgage payments, credit card balance and loan repayments on a single page.

Some account aggregators even allow you to combine email, share-dealing and utility bill accounts as well as letting you access any shopping services, auction sites, or news journals you are registered for.

All this with just a single set of sign-on details. With some services, such as First Direct's and Citibank's, you don't even have to be a customer of those banks to use their account aggregators.

Unsurprisingly, as with anything that potentially entices their customers away, the high street banks don't like account aggregation.

They sit gloomily foretelling doom, like a bunch of pin-striped Eeyores who've lost their tails, warning that customers who disclose their security details to a third party are potentially in breach of their terms and conditions. If a customer using an aggregation service suffered from fraud, he or she would be liable for any losses.
But while some aggregation services ask you to provide them with all your user IDs and passwords, others use a "digital safe" which sits on your computer's hard drive and holds all your security details in an encrypted form.

With these services, offered by Egg, First Direct and Moneynet, you don't have to tell the account aggregator your passwords. Instead you to sign in to their website and create a new set of unique log-in details. Once you've done this, you can download the digital safe to your computer to store all your other passwords. The account aggregator never has access to all your security details, and your aggregator account can only be accessed from your PC.

First Direct's Internet Banking Plus service is one of the most recent account aggregation services to be launched, and has been going for about a year. As well as the usual financial accounts, its service also allows you to access loyalty reward schemes, utility accounts, Ebay details and email accounts with a single set of sign-on details. Like some of the other services, it has a fraud guarantee. If a customer lost money, through no fault of their own, it would reimburse it.

If you decide to try an account aggregation service...

• If the aggregator needs your user IDs and passwords, check with your account providers that you are not breaking their terms and conditions by handing them over.


• Ask what happens if there is a security failure and you lose money. Egg and First Direct, for example, say that if this did happen customers would be reimbursed fully. If the security breach was down to you writing down your account aggregation password, however, you will not be covered.

• If you think someone else knows your password, change it fast.
  
• Always log off and close down your browser when you've finished accessing a site, to stop others gaining access online.


• Try not to access your accounts on a public computer, such as one in an Internet café or library. If you have to, don't leave the computer unattended, try and ensure that no-one is looking over your shoulder , and always log-off after you've finished. Never choose or change your passwords on such a computer.