Online banking
security: Who's minding the vault? By Laura
Bruce • Bankrate.com As Americans improve their computer
skills and grow more comfortable with banking over the Internet, the hackers,
phishers and other fraudsters are honing their nefarious skills as well.
The Federal Trade Commission received 301,835 fraud complaints
and 214,905 identity theft complaints in 2003. Bank fraud accounted for 17 percent
-- more than 36,000 -- of the identity theft complaints. That represents just
the victims who actually filed a complaint with the agency. The FTC estimates
there were 10 million identity theft victims that year. The
hacker component
In a 2003 survey of financial institutions around
the world, 39 percent of respondents said their computer systems had been "compromised"
in some way the previous year. "The financial services
industry has always been a target. People go where the money is," says Ted
DeZabala of New York's Deloitte & Touche, the company that conducted the survey. "What
they want to get at is the mother lode, the internal system, so they can get many
customers simultaneously. If someone gets into a major institution's system, he's
looking for information about a lot of customers. People should be concerned that
there is a risk. The network age is upon us -- information is king and people
will go after that."
The
human dimension
Other areas of concern are the third parties with whom
banks do business. Those companies have your personal information -- how secure
are their computers? What about the people who work for the banks and affiliated
companies? "Third parties and employee access are a major
challenge," DeZabala says. "Any uncontrolled access point to a bank
is vulnerable. The (banks) themselves need to put certain levels of control in
place and they need to enforce their policies on third parties. There is a lot
of effort being put toward shoring up those controls. "When
an employee is terminated, they have to be eliminated from the system and passwords
have to be updated." Concerns about online safety are
a key reason why many consumers still shy away from online banking, according
to Larry Freed, CEO at ForeSee Results in Ann Arbor, Mich. "For
the most part, it's fear of the unknown. When my dad got an ATM card, he threw
it out. He didn't think it seemed secure. Why do so many people just take money
out of ATMs and don't make deposits? It's because they don't know where their
money goes when they slide it into that black hole. The banks need to educate
people on the security risk." Phishing
for information
It would be hard to fault consumers who are hesitant
about banking or making other financial transactions online. Hardly a week goes
by without a news report on a computer virus, worm or phishing attack that makes
the Internet seem like a risky place to move your money. Phishing
is when account holders receive an e-mail that purports to come from the customer's
bank, brokerage firm, credit card company, etc. Customers are told to click on
a link within the e-mail and update their personal information. Often, the phisher
is looking for the Social Security number or the credit card number with expiration
date and PIN. Unsuspecting consumers click on the link and are taken to a phony
Web site that often looks legitimate. They enter their personal information
and soon find their identity has been used fraudulently, their bank account emptied
or big bills have been racked up on their credit card.
| 
