The end of 2003 had opened more than one million online bank accounts. Despite internet security fears, that number is expected to grow by more than 30 percent this year - so the banks must be doing something right. Now, new in-depth research into the online services of seven banks tells us how they compare.
After last year's security scares involving thefts from three internet bank accounts, it might surprise you to learn that South Africans didn't take fright and retreat into traditional banking methods. In fact, in 2003 South Africa had one of the highest growth rates of internet banking in the world - exceeding that of the United States, for example.
According to a recent study, "Online banking in South Africa, 2004", by World Wide Worx, an independent technology research company, the number of online bank accounts grew by 28 percent to 1.06 million in 2003, and the overall value of online transactions increased by 46 percent.
These developments - and the fact that for 800 000 South Africans online banking is the second most compelling reason, after email, for using the internet - constitute a huge vote of confidence in online banking in this country, Arthur Goldstuck, the managing director of World Wide Worx, says.
Until now, the quality of a bank's online service might not have been a major consideration when you considered which bank to join. But given Goldstuck's statistics, that is surely changing.
World Wide Worx's survey is a detailed comparison of the online services offered by seven banks: Absa; First National Bank (FNB); Icanonline, the banking, shopping and financial products website set up by Nedbank and Mweb; Investec Private Bank; Nedbank; Standard Bank; and 20Twenty, the internet banking offering Standard Chartered, an international bank, took over from the liquidated Saambou Bank.
And the winner is
The survey evaluated each bank's website in terms of a wide range of criteria, including downloading speed, navigation (how easy and efficiently you can find your way around the site), search facility, content, design, security and privacy policies, and so on.
Absa, which has the largest number of online accounts, emerged as the best internet bank overall, scoring 556 out of a potential 850 points, or 65 percent. Standard Bank came a close second with 63 percent, and FNB third with 62 percent. Icanonline was fourth with 58 percent, 20Twenty (57 percent) was fifth, Investec Private Bank (53 percent) was sixth, and Nedbank came last, with 51 percent.
This is how the banks were rated in terms of just some of the survey's assessment criteria.
Speed
People who bank online expect their banks' websites to download fast. Not only is it enormously irritating to wait for webpages to appear on your monitor's screen, but the longer it takes for pages to download, the higher your telephone account.
Goldstuck's survey measured the time it takes for a bank's home-page and secondary pages to download using a dial-up connection via a modem, an Asymmetric Digital Subscriber Line (ASDL) and an Integrated Services Digital Network (ISDN) link.
Currently, most South Africans access the internet using a dial-up connection. Goldstuck says a website's front page should be designed to download in less than 20 seconds - ideally in less than 10 seconds - via a dial-up connection. In this respect, Investec and Icanonline performed best, each scoring eight out of 10. FNB, Standard Bank and 20Twenty each scored seven out of 10. Absa and Nedbank scored the lowest, each with six out of 10.
Security
Last year's online banking security scare occurred after a hacker used keystroke logging software (a type of virus) to "read" internet users' personal identification numbers (PINs) and passwords when they logged into their banks' websites. The virus is typically installed on users' computers without their knowledge via an email message or an attached file.
To eliminate the danger of keystroke logging, many of the banks have introduced security measures such as pop-up pinpads, which appear on your monitor's screen and require that you input your PIN using a mouse instead of a keyboard.
According to the survey, the banks with the most secure log-in processes are Absa and Standard Bank (each scored 16 out of 20). Both banks - as well as Nedbank and Investec - require you to enter three pieces of information, but protect the information by different means.
Absa requires you to enter your account number, PIN and password. But instead of asking for a standard password, you must enter a different combination of letters from the password each time you log in.
Standard Bank requires your bank card number, PIN and password. The pinpad presents you with a different configuration of numbers every time you log in, so you never input your PIN in exactly the same pattern.
Absa and Standard Bank offer you the option of downloading free anti-virus and firewall software. Firewalls prevent unauthorised access to your computer by screening all incoming information.
According to Goldstuck, the only way Absa and Standard Bank could improve their websites' security would be to offer users an offline method of authenticating their identity, such as verification via SMS.
Although FNB received a low mark for overall log-in security (13 out of 20), Goldstuck says it has since made amends by introducing Digitag, which is regarded as the most effective means of authenticating a user's identity. A Digitag is a keyring-sized electronic device that generates a new number for you to input each time you log into the website. You have to apply at your FNB branch for a Digitag.
Nedbank scored 15 out of 20 and is the only bank requiring SMS authentication of transactions exceeding a certain amount.
Investec scored 14 out of 20, and 20Twenty and Icanonline came last with 12 out of 20 each. Neither of the last two websites has pop-up pinpads and Ican-online does not require a secondary password. 20Twenty was marked down, too, for failing to display information about its security policy and security features on the home or the log-in page.
Accessing records
A key requirement for managing a bank account is obtaining balances and statements. The survey evaluated how easy it is to do both online.
1. Viewing balances
All the banks, except Investec, received high marks for displaying account balances on the log-in page, which is the page immediately following the home-page.
Investec scored seven out of 10, because, after logging in, you have to go one step further and click on the "online banking" link to view another page that includes your account balances.
2. Accessing statements
Banking websites often differentiate between current statements - usually the transactions you performed over the previous month - and past statements.
Standard Bank received full marks (10 out of 10) for displaying current statements just one mouse click away from the log-in page.
FNB scored nine out of 10, although it displays your current statement in crude, simple text. In FNB's favour is the ease with which you can find a particular transaction. Investec, Nedbank and 20Twenty tied with a score of eight out of 10, and Icanonline got six out of 10.
Absa received the lowest mark, five out of 10, for a process the survey described as unnecessarily complex and time-consuming.
When it comes to accessing past statements, Standard Bank and Investec both received the highest score (eight out of 10), while Absa scored the lowest (four out of 10).
Investec allows users to access statements going back more than a year, Standard Bank up to 180 days, Absa up to three months, Nedbank up to 90 days or up to five years at additional cost, 20Twenty up to 90 days, and FNB up to 65 days. Icanonline allows you to access statements from January 1 of the current year, and you can ask for older statements to be sent to you by email, post or fax.
Proof of payment
Although organisations and companies usually require proof when you make direct payments into their accounts, most of the websites fail to cater adequately for this need. The exceptions are Investec (10 out of 10) and FNB (eight out of 10).
Both Investec's and FNB's websites generate a proof- of-payment document. Investec's site also allows you to fax or email the receipt directly from your computer to the beneficiary.
Although in the case of the other banks, you can print out the information that appears on your screen, this may not be adequate proof of payment.
Although Standard Bank's website (four out of 10) generates a receipt, you have to print it out immediately after making the online payment. The website does not store the receipt, nor is there a facility for sending it directly from your computer to the beneficiary via email or fax.
You can view a list of transactions on your account by calling up a statement or calling up a list of beneficiaries. If you click on a beneficiary's name, you will be given a list of the last three payments you made.
Nedbank (three out of 10), 20Twenty (three out of 10) and Icanonline (two out of 10) do not have an online facility which generates a receipt that can be sent to the beneficiaries.
Managing your account
1. Payments and transfers
For most people, the core function of online banking is to pay third parties and make inter-account transfers. In this regard, all the banks scored at least 15 out of 20, except Investec, which was rated with eight out of 20. According to the survey, Investec's options for paying new beneficiaries, scheduling payments and making one-off payments are confusing and ambiguous.
The top scorers, each with 18 out of 20, were Absa, FNB, Icanonline and 20Twenty. Nedbank scored 17 out of 20 and Standard Bank 15 out of 20.
2. Adding beneficiaries
Before you can pay a company or an individual over the internet, you need to load the beneficiary's details - name, bank, bank account number, branch and branch code - into your online account. The methods for doing this vary and some are easier than others.
Adding beneficiaries is easiest at Icanonline, Nedbank and 20Twenty, all of which scored 18 out of 20 for this function. FNB was not far behind with 16 out of 20, but Standard Bank (12 out of 20), Investec (11 out of 20) and Absa (10 out of 20) were rated as being less user-friendly.
3. Debit and stop orders
If you have a lot of stop and debit orders, Absa, with full marks for this function, is the bank for you.
FNB, with eight out of 10, was ranked second. Although the FNB site makes it easy to manage debit and stop orders online, there is a delay of a week before a payment instruction is effected.
Standard Bank (seven out of 10) allows you to stop cheque and debit order payments online.
Icanonline (also seven out of 10) allows you to edit or delete stop orders at the click of a button, but it does not offer any features for managing debit orders.
Investec (five out of 10) gives users the "archaic" and limited option of printing out a form that you can fax to the company concerned asking for a debit order to be set up on your Investec account. Nedbank and 20Twenty each scored zero, because neither website enables you to manage debit and stop orders online.
In summary
While the survey reveals there are clear leaders among the online banks - Absa, FNB and Standard Bank - Goldstuck says it is gratifying that the overall standard of all the online banks in South Africa has improved.
When assessed in terms of ease of use and the effectiveness of their transaction facilities, South African banking websites are on a par with some of the best in the world, he says.
However, there is room for improvement. For instance, the banks should make it easier for users to access online statements, and further details about transactions could be provided via "drill downs" - boxes containing additional information that are displayed when you click on some text or a graphic.
Coming challenges
Goldstuck says the biggest challenge facing South African banks in 2004 will be complying with the Financial Intelligence Centre Act.
The Act requires banks to verify the identity of each of their clients. This poses a hurdle to online banking, because it will require customers to sign up for internet banking in branches rather than online.
On the security front, the biggest threat facing banks is an activity known as "phishing". Phishing is sending email messages whose return addresses, links and branding lead the receiver to believe they originate from bona fide financial institutions. The intention is for unsuspecting accountholders to reply to the email, revealing their bank account number, password or credit card details to a fraudster.
Until now, South African internet users have not taken the phishing bait, because the scam emails appear to originate from foreign institutions, and so are dismissed as spam (unwanted email). However, Goldstuck says there is little doubt that phishing aimed at users of local online banks will emerge in the near future.
This article was first published in Personal Finance magazine, 3rd Quarter 2004. See what's in our latest issue