The research from banking security specialist Trusteer – says that 47% actually `repurpose' their online banking user ID and password. According to the company, the findings are from a sample of more than four million users of Trusteer's Rapport secure browser technology, which is in active use by banks across North America and Europe.
Whilst the banks often issue their own random account IDs to customers – as is the case with HSBC, one of Trusteer's clients – there is also the problem of users then repurposing those credentials on other websites, which is exactly what 42% of users are doing.
But it gets worse, as, where a bank allows users to select their own IDs, it seems that 65% of users share this ID with other sites.
Amit Klein, Trusteer's chief technology officer, said that using stolen credentials remains the easiest way for criminals to bypass the security measures implemented by banks to protect their online applications.
"We wanted to see how often users repurpose their financial service usernames and passwords", he said.
"Our findings were very surprising, and reveal that consumers are not aware – or are choosing to ignore – the security implications of reusing their banking credentials on multiple websites", he added.
Following its research, Trusteer recommends that online banking users maintain at least three sets of credentials – one for exclusive use with electronic banking; one for with sensitive sites that contain private data on the users identity; and one for use on non-sensitive services.