As foot traffic to branches dwindles and online financial services expands, there is no more important function for bankers to consider than the means by which customers securely access their online and mobile banking pages. Concurrently, big changes are coming to digital certificates — which manifested themselves in the lock to the left of the URL broswer bar — and financial institutions must react quickly and decisively

By the end of October, Chrome and Firefox browsers will distrust all Symantec-issued certificates. The act is the fruition of a community investigation, – which found that Symantec or its resellers were  issuing certificates inappropriately, sometimes to unauthorized parties. At one time, Symantec issued nearly 30 percent of all the certificates on public-facing servers. 

Despite the best efforts of Internet governance participants, the decision is having a profound impact on businesses that operate on the Internet — including FIs — creating costs in the short term, and a need for more input in the future. 

Key questions discussed in this report:

  • Why are Google and Mozilla deprecating existing Symantec certificates?
  • What steps can banks take to adjust to the deprecation dates?
  • How are major browser influences shaping the Internet? 
  • How are criminals reacting to those changes?

Consumer data in this report is based on information collected in a random-sample panel survey: 

November 2017 survey of 5,000 respondents, the maximum margin of sampling error is +/-
1.39 percentage points at the 95% confidence level. 

Javelin conducted a series of interviews involving industry executives and other relevant stakeholders to gain an understanding of the Symantec Deprecation. Interviewees represented a variety of organizations, including financial institutions, certificate authorities, and browsers.