For local banks, the Internet has proved to be the ultimate double-edged sword, bringing new customers and new threats.

"The Internet is open to everyone, including crooks," Česká spořitelna spokeswoman Helena Matuszná said. "We've been forced to step up preventive measures because of the increasing attempts to misuse direct banking services here and worldwide."

Česká spořitelna, which has nearly 5 million online customers, added a text message (SMS) authorization program on all transactions via the Internet Oct. 1.

It is the latest in a flood of upgrades by banks after hackers stole tens of millions of crowns from 10 Komerční banka online accounts in August. Bank officials said there has been an increasing number of money leaks and unauthorized attempts to break into clients' accounts, but no bank official would disclose to The Prague Post how much they'd lost to the practice.

ČSOB, which implemented SMS authorization on all Internet payments in the fall 2003, will require it even to log into its Internet banking networks by the end of this year.

Citibank is set to introduce a token in November that should further upgrade the security of Internet transactions. HVB Bank already added that feature to its online accounts.

"Aside from their user name and personal identification number [PIN], all users will be required to enter a generated code," said Markéta Dvořáčková, Citibank's communications manager. "The code will be different for every single transaction."

Successful attack

The banks are cracking down after Komerční banka reported in late August that 10 client accounts were emptied by unknown pirates.

Although the bank did not release details about the theft, Hospodářské noviny reported that the stolen money was first transferred to other accounts within the bank. The holders of those accounts were then instructed by scam e-mails to transfer the money abroad.

In its response, Komerční banka not only compensated the affected account holders, but also launched the SMS authorization.

Komerční banka spokeswoman Romana Ondrůšková said the bank will also list the dates and times of particular transactions on clients' Internet banking Web pages.

The SMS issue

In order to be able to make a transaction, Internet banking users need to register their mobile phone numbers at their bank. To complete the transaction, users must wait for an SMS to their phones that will contain a special numerical code. They will then need to enter that code on the transaction screen to verify their authority.

Increased security comes at a cost. Users are not able to make transactions from abroad or in areas that lack a cell phone signal. High mobile-phone traffic may also lengthen the time it takes to make a transaction. And customers who do not have mobile phones will be required to use other security tools, such as personal certificates and chip cards.

"We've received several complaints that we were inconveniencing users," Česká spořitelna's Matuszná said.

Most banks agree that SMS authorization significantly upgraded the Internet banking security, even if it has made it more difficult for customers to access their accounts.

Dvořáčková admitted that the bank was also considering launching the SMS authorization system, but the potential customer complaints caused Citibank to use the security token instead.

ČSOB's Bednářová said, however, that, after three years of using SMS authorization, most customers are comfortable with it.

"About 70 percent of our online Internet banking customers prefer the SMS system for authorizing their transactions," Bednářová said.

High security

Internet banking services have been on the rise worldwide and in the Czech Republic in particular.

Nearly 18 percent of all banking services are currently offered via the Internet and about 9 percent over the telephone, according to a recent poll conducted by the research company Capgemini.

"The Czech Republic belongs among developed countries in terms of Internet banking use, and the share of Internet banking is higher than the world average," said Patrik Horný, Capegemini's director in the Czech Republic.

Most experts agree that Internet banking security is already strong.

"The level of Internet banking security here is relatively high," said analyst Petr Zámečník of financial server Měšec.cz

Bank representatives agree that piracy attempts against Internet accounts result from low protection of software and hardware used by customers.

"Should clients respect all security guidelines, it's virtually impossible to break into their accounts," HVB Bank spokeswoman Petra Kopecká said.