Are Security Images Worth It?

Amanda Kohn by on Sep 17, 2014

securitySite-authentication or security images such as Sitekey can be found when encountering the login process for many financial websites. Out of all of e-Monitor firms, only five have security images in their login process. Recently, Sharebuilder and Raymond James removed their security image from the login process. According to a representative from Sharebuilder, “The security image was removed for an easier transition and for the interface of the website.” A Raymond James representative claimed, “The SiteKey image was removed to simplify the login process and clients can access their account in fewer steps.”

So the question remains: Are security images beneficial for clients and keeping their information safe, or do they simply add an unnecessary step to the login process? Answers vary, but there are pros and cons for both.

Edward Jones Security Image
Edward Jones Security Image

Security images such as Sitekey provide an extra precautionary step to avoid phishing scams by preventing users from mistakenly entering their username and password to an imposter site. PNC claims, “Every time you [the client] sign on to PNC Bank Online Banking you will see your Personal Security Image and Caption. These settings – customized by you – let you know that you are at the PNC Bank Online Banking site and not an imposter site.” When clients see their security image, the extra step to the login process reassures them that the site is legitimate and their account information is safe; the image represents a sense of security. Moreover, Bank of America explains that Sitekey images help with identify verification: “We display your SiteKey image when we recognize the device you are using to log in. If you don’t sign in from a device you told us to recognize, we’ll ask a challenge question.” In all, security images are beneficial by offering another step to enhance security, to help with identity verification, and to verify that the website is legitimate.

 Vanguard Security Image Selection Page
Vanguard Security Image Selection Page

Despite the pros, firms may decide to avoid using security images due to ineffectiveness. As supported by the 2013 Carnegie Mellon University study[1] on the effectiveness of security images in Internet banking, clients may not necessarily notice their security image during their login process. Researchers tested the ability of 482 users to notice and appropriately react to the absence of security images by removing the site authentication image from the simulated banking website, which mimics a real banking website. Out of the 482 participants, 75% (or 352 participants) entered their passwords when their security image and caption was not displayed and 27% (or 130 participants) chose not to log on due to cited security concerns. This study questions the extent to which security images are effective, and based on the results, the images are generally not as helpful as users and firms would like them to be.
In the future, it should be interesting to see whether firms continue to use site-authentication images or remove the images altogether. It is clear that these images can be beneficial – however, there should be alternative security features to protect clients’ accounts.


[1] Carnegie Melon University Study is accessible from: http://www.ece.cmu.edu/~lbauer/papers/2014/w2sp2014-securityimages.pdf