| Online banking: A better security
bet? |
|
|
|
The use of two identity tests should make it more
difficult for thieves to raid accounts.
Some banks may choose additional security based upon
each customer's risk assessment. Customers who just view bills online
may have a low-risk security feature. Higher-risk customers who
utilize online banking for several different types of transactions
would receive a higher security feature.
Tighter security will be needed if the transactions
include confidential information such as Social Security numbers,
passwords or usernames, and credit card numbers.
A two-step authentication process is recommended for
consumers who move money from account to account, pay bills online
or view credit card accounts online.
Some banks are looking at computer fingerprinting.
Computer fingerprinting systems capture the serial
numbers of computer parts, such as the hard drive. These numbers
are used to generate a unique ID for the machine. Whenever a customer
connects to a bank's Web site, the bank's online system recognizes
the computer by the fingerprint and allows the customer to log on
with a simple password.
If the customer does the bulk of his or her online
banking from a particular computer, like a home PC, the fingerprinting
system will establish that computer as authorized. However, if the
customer logs on from another computer that is not recognized by
the fingerprint system, the Web site will take the customer through
a tighter sign-in process to verify his or her identity.
A key fob is another potential online security feature
that provides two-step authentication. There are numerous types
of key fobs that can be used. A key fob can be a physical object,
such as a keychain or a device installed on a personal computer,
that works with a customer's PIN number. The key fob displays a
randomly generated series of numbers, which change periodically,
usually every 30 to 60 seconds. A user first authenticates himself
on the key fob with a personal identification number, or PIN, followed
by the current code displayed on the device.
It is easier for the owner to know if the key fob
has been stolen than a password, since it is a physical object.
This type of technology helps if criminals are using
spyware on your computer because it essentially locks people out
of your account by constantly updating the information used to log
onto a secure Web site.
Other security technology like picture recognition
takes computer keyboards out of the transaction. Because spyware
only records key strokes and not mouse clicks, your bank can establish
picture recognition as the second step in accessing your account.
Finally, Biometrics -- thumbprint readers or iris
scans -- are yet another potential security feature that banks could
utilize. This type of security tends to be more expensive that other
types of technology, but could be used for high risk clientele who
move large amounts of money between accounts.
"Online banking is growing and that is one of
the reasons why we are issuing these guidelines," says Barr.
"We want customers to feel comfortable, plus banks have reputational
risks if they do not sufficiently protect their customers, not to
mention additional costs if security breaches occur."
Barr goes on to say the FDIC, along with other financial
regulators, expects banks to adhere to the guidelines.
Bank of America started offering its two-step SiteKey
program to customers in June 2005. SiteKey is a multistep process
that combines passwords with user-selected test questions and a
digital system that "fingerprints" the user's computer.
Barr says that added two-step authentication measures
will not wipe out ID theft and fraud 100 percent, but it will help
to ensure a safer banking environment that you cannot get through
traditional banking means.
|
