An IRM study reported in ZDNet, investigated 18 banks and their security measures for online banking and other technical procedures. Results showed that all of the banks "failed to provide customers with supplementary authentication tools beyond usernames and passwords. It said 13 of those banks were susceptible to long-term hacking attacks through the use of password-stealing programs and identity theft scams". The response of The Association of Payment and Clearing Systems (APACS) to the findings was one of defense, claiming the study was inaccurate and skewed.

The study results not only show an astounding rate at which companies are not implementing necessary security measures to safeguard customers, but it also shows APACS lack of interest and dedication to protecting their customers. This becomes a major problem because the banking and financial business is a prime target for phishers to impersonate. Therefore, these companies, especially, should take the time to set up security expectations and normalize security processes. If not taken seriously, the brand will slowly deteriorate and cease to exist, due to company inaction – a sure fire way to lose revenue.

If companies are merely relying on a message at the bottom of an email stating: "This is a legitimate email from CitiBank" to gain customer trust, there is nothing that will stop a phisher from displaying the same message at the bottom of their emails. Safer practices must be implemented in order to identify their email as legitimate. This includes setting up new standards for sending email using email encryption tools, and then familiarizing these standards with customers.