No need for a banking security league

There seems to be a lot in the press recently about security - and particular attention to the security measures the banking sector are taking to protect its customers accounts.  I think this is a clear case for continuous development.  Almost as soon as new security measures are put in place, there will be hackers and phishing attacks developed to break in.  Add to that the unwariness of some customers - how many times have we all been advised that our bank will never ask for our details by email , and how many people still fall into the honey trap ?  I regularly receive emails asking me to confirm my account details that purports to be from one of the major banks that I have never, knowingly, held an account with.

But do we really want to have a league table of the banks' security levels?  I can see the benefit of a "name and shame" campaign to stir up action where there is currently complacency.  But what might be the real outcome?  Many customers are intrinsically lazy, so I doubt it would cause a mass migration of accounts to the bank at the head of the league table. 

Equally, aren't we just inviting phishing incidents for those at the lower end of the league?  It seems to me rather than walking through the supermarket car park, the opportune thief is much more likely to aim for the car which doesn't have the flashing alarm light on the dashboard and does have the tell-tale sat-nav mark on the windscreen.  Why?  Because, without much thought, he can see the difference and decide which is the easier target. 

Do we really want to give phishing attacks a helping hand?.  Security is a serious point and we must all be vigilant and keep our security measures up to date; but before we start thinking about what to publish, let's think about what we're trying to achieve from it and work from there.