Some banks are phasing out the security images customers see when logging into their accounts, finding they offer little protection against modern computer criminals.

About a decade ago, banks began introducing security images — photos of beaches, teapots, coffee and foods, among other options users can select from — as a way to show customers that the web page they were logging into was legitimate and not a phony website designed by a fraudster. But cybercriminals have become more sophisticated, using tactics that bypass the images, such as scraping information off a screen to later replicate that photo on a malicious website, or lurking until after the customer logs in and hijacking the session afterward.

“I would call [security images] worse than useless,” says Avivah Litan, vice president of information security and privacy at the Stamford, Conn.-based research company Gartner Inc. “That bad guy is just sitting on your machine waiting for you to log in and look at the image, and then they’re in.”

Bank of America got rid of its so-called SiteKeys this summer, finding that they are “no longer as relevant given changes in the landscape,” says Mark Pipitone, a spokesman for the bank. Instead, the bank added the option for customers to receive one-time passcodes via email or text, which must be entered in addition to a username and password to access an account. Customers can also now view their log-in histories and notifications when unrecognized computers or mobile devices are used to sign in.

Barclaycard, a unit of Barclays PLC, is also phasing out security images and promises that logging in will become “quicker and easier without sacrificing account security.” Barclays didn’t return requests for comment. Barclays will also text, email or call with passcodes when users log in from new devices.

Researchers at Carnegie Mellon University found last year that while security images were designed to thwart phishing attacks, 75% of the 482 participants in their study entered their passwords on a website even when the security image was removed, calling their use “generally not very effective.”

Litan from Gartner says she has worked with banks that are hesitant to remove the images because customers have gotten used to seeing the photos and associate them with feeling more secure.

Some banks are sticking with security images. U.S. Bank spokeswoman Susan Beatty says the bank continues to use them among other security features.

“Many of our customers appreciate the added layer of protection that the security images provide,” she says.