(continued
from previous page)Online banking security: Who's
minding the vault? -- Page 2By Laura
Bruce • Bankrate.com
Dan Maier of the Anti-Phishing Working Group, an association
open to financial institutions, online retailers, law enforcement
agencies and computer experts, says phishers are far more successful
than spammers.
"We've heard of response rates ranging up to
5 percent of bank customers responding to the e-mails. One bank
said $4 million had been drained from accounts over a period of
a couple of days. Early on, amateurs, hackers and spammers were
among those who had gone to the dark side. More and more the attacks
are professional and widespread. Once an attack is launched, the
bank has to shut down the source -- the Web site -- as soon as possible.
Then it has to notify their customers.
"Banks are getting better at the shut-down part,
but there are challenges," says Maier. "Sometimes the
site is hosted overseas by Web-hosting sites that specialize in
anonymous hosting and protect against law enforcement shutdowns.
So they may be actively hindering shutdowns."
Frank Trotter, CEO at EverBank,
an online bank that opened in January 2000, says security against phishing and
other online attacks has been a major issue since day one. Modern
bank robbery
"From a thief's standpoint, phishing is pretty effective.
Bank robbery has been a tradition since banks were first formed. This is bank
robbery or attempted bank robbery. We've sent all customers multiple e-mails warning
them against phishing and notifying them how we see it occurring in the market.
We treat the online environment as though it's our primary branch. We spend a
tremendous amount of time on security and educating current and prospective customers."
Phishing is something consumers can protect themselves against.
Your financial institution won't ask you to click on a link in an e-mail and list
personal information. If you have any questions about an e-mail, notify the bank
and ask for an e-mail with a security
certificate. "If a customer thinks their account
has been violated, they can send us an e-mail and get a response that's authenticated,"
says Ilieva Ageenko, director of emerging enterprise applications at Wachovia.
"Secured e-mail is a key to defeating fraud." Worst
enemy
But when it comes to online banking security, the biggest threat
to consumers may be the person in the mirror. Many of us aren't the best at guarding
our passwords and PINs. We write passwords on a piece of paper and then stuff
it in our wallet or leave it in a desk drawer. We log onto our bank account at
work or at a public access computer and then walk away. We make an ATM withdrawal
and toss the receipt. Fortunately, most banks now save us from ourselves by printing
only a partial account number on the receipt. "Consumers
are a funny group," notes DeZabala. "They want perfect security but
they don't want it to be intrusive. 'I don't want to go through a lot of things
to get in, but don't let anyone else get in and don't make me carry a card and
don't make me change my password too frequently because I can't remember it.'" Many
banks and brokerages have extensive information on their Web sites to educate
consumers about e-mail and other online fraud. You'll find tips on how to recognize
potential fraud, how to report it, and what to do if your account has been compromised.
The FTC also has steps
to take if you think your identity has been stolen.
| 
