The Safest Banks: ING is #1

Written by nickel - 9 Comments

For those that are interested in opening an online savings account, I just ran into an interesting bit of information about ING Direct (and other banks) over on the NY Times Bits weblog…

In talking about how well different corners of corporate America do when it comes to protecting customers from identity theft, they put together a rundown of the estimated annual number of “incidents” related to identity theft per billion dollars in deposits for each of the 25 largest banks in the United States.

Interestingly, ING came out smelling like a rose, with just 0.085 incidents per billion dollars in deposits, whereas HSBC came in dead last*, with 21.293 incidents per billion dollars in deposits.

Other notables included Bank of America, which was second worst with 17.646 incidents/billion, Washington Mutual (3rd worst) with 16.163 incidents/billion, JP Morgan/Chase/Bank One (4th worst) with 11.306 incidents/billion, Wells Fargo (5th worst) with 10.117 incidents/billion, US Bank (6th worst) with 9.360 incidents/billion, and Citibank (7th worst) with 7.450 incidents/billion.

One thing that you’ll notice is that, while these data are scaled against the size of the bank, it’s still the biggest banks that are doing the worst. In fact, the seven worst banks listed above are amongst the nine largest banks on the list.

Despite ING Direct’s major online presence, ING is the fifth smallest bank on the list. This makes me wonder if there’s a meaningful difference in security practices, or if bigger banks are disproportionately targeted by fraudsters because they’re so large and well known.

If you’re concerned about bank solvency, check out my list of the safest online banks according to Bankrate’s “Safe and Sound” ratings.

*Note that this is a rating of each bank overall, and not just their online endeavors.

Published on March 6th, 2008 - 9 Comments
Filed under: Banking, Identity Theft
email this article - digg this - stumble it - save to del.icio.us

Did you find this article useful? If so, please sign up to receive e-mail updates:

Comments (scroll down to add your own):

Another interesting point, last I checked, it seemed like HSBC has you jump through all sorts of verification hoops and mail forms back and forth for security purposes. Whereas ING is one of the easier places to open an account.

I’ve even heard people say something like, “yeah, it was a pain to open my account at HSBC Direct, but at least I know my information is safe.”
Comment by Dylan — Mar 6th 2008 @ 2:28 pm
Interesting information since I have an account with ING. It’s not why I signed up, but good nonetheless.
Comment by Fiscal Musings — Mar 6th 2008 @ 4:35 pm
Phew, I am glad to hear that. I just signed up with ING in February and have been really happy with them so far — and that makes me feel even better. However, my credit cards and other accounts are with Bank of America. Better keep my eye on those.
Comment by emilyg — Mar 6th 2008 @ 4:43 pm
One thing to remember is those numbers are based on what people are reporting. They don’t differentiate between people who had their identity stolen through HSBC and people who had their identity stolen elsewhere but the fraudster opened an account at HSBC.

Often people don’t know exactly when/where/how their info was taken, so some of these are guesses.

Many years ago my mother had her credit card number stolen and thousands of dollars charged (in the middle east) while she still had her card in her hands. For weeks she was blaming a gas station in NJ where they pump your gas and physically walk away with the card for a few minutes to charge it (this was before pay-at-the-pump).

Turns out that it was an employee at one of the big three credit reporting bureaus who stole a huge file of customer info. So if she had filed a complaint part way through the process she would have identified the gas station as where the info was stolen.
Comment by EA — Mar 6th 2008 @ 5:51 pm
That makes me feel really good! I’m a huge advocate of ING and this just backs up everything I’ve been telling my readers. Thanks for the stats!
Comment by thehungrydollar.com — Mar 7th 2008 @ 11:49 am
Another interesting point, last I checked, it seemed like HSBC has you jump through all sorts of verification hoops and mail forms back and forth for security purposes. Whereas ING is one of the easier places to open an account.

I suspect that they might be related; in my experience, there is an optimum number of hoops one can jump through for security before it starts to take the opposite effect. For example, if you require two passwords (as HSBC does), then it becomes more likely that customers are writing down their passwords on slips of paper which are easily lost or stolen.
Comment by Independent George — Mar 7th 2008 @ 12:43 pm
The article doesn’t differentiate between breeches through cracking the site versus social engineering. It would make sense that through social engineering, larger banks would be affected.

One common scheme is phishing, where a mass email is sent out saying that “your account at such and such bank needs to verify information.” The person then goes to a fake site through the link provided in the email, and the fake site will ask for name, SSN, password, mothers maiden name, etc. This scheme will work better for a large bank, as a mass spam is more likely to get people that have Citibank or BofA accounts than a local credit union.

In the same vein, this is why Microsoft Windows is more likely to get a virus than Mac or Linux, as more people are likely to have Windows on their home computer, so the virus writer is going to write a virus that will infect the most computers available. This doesn’t mean that Windows is more suseptable to a virus, just that it is a more likely target. The same could be made for small banks versus large banks.
Comment by Steve — Mar 7th 2008 @ 1:07 pm
Steve: You’re right, which is why I wonder if it’s not the larger banks that are being disproportionately target. I regularly get phishing e-mails for all sorts of big banks that I’ve heard of, but it’s rare to receive on targeting a smaller bank.

Comment by nickel — Mar 7th 2008 @ 1:11 pm
Congrats to ING, that is some impressive figures. And thanks for pointing us in the direction of the NY piece, I hadn’t seen that one.
Comment by Harrington Brooks — Mar 14th 2008 @ 6:13 am