• E-mail
• Print
• Comment
• Font Size
• Digg
• del.icio.us
• Discuss article

Online Banking: A Better Security Bet?

Posted on: Monday, 13 February 2006, 09:00 CST

Reports of security breaches, hackers and phishing scams have consumers running scared about online financial transactions. However, a study released in January 2006 by Javelin Research and Strategy shows that Internet-related fraud problems are actually less severe, less costly and less prevalent than previously thought. According to the study, identity theft victims who detected the crime by monitoring their accounts online lost only about $551, compared with an average of $4,543 when the theft was detected from paper statements.

The difference is that the longer it goes on before you detect the fraud, the more it will cost you, and you're likely to discover it faster if you monitor your accounts online.

Online banking has grown steadily since first being introduced to consumers in the 1990s. More than 53 million Americans currently make some type of monetary transaction online, according to a study performed by Pew Internet & American Life Project, an organization that tracks the social impact of the Internet.

According to both the Javelin and Pew reports, growth in online banking is built on two trends.

The first is that Internet users are gaining more experience and, therefore, are more likely to participate in activities like online purchases and travel reservations.

Betty Reiss, senior vice president of media relations for Bank of America, says that when Internet banking was first introduced in 1995, banking customers made baby steps in their initial online banking attempt.

"Our customers traditionally started to bank online to look at transactions and move money between accounts. The next step was paying bills online. Once people tried paying bills online, they saw that it was easier and more convenient."

The second trend is that banks are more aggressively offering online banking as an option for their customers, and they are offering it for free.

"Online bill pay from Bank of America has been a free feature for our customers since 2002," Reiss says.

Reiss says Bank of America, which has the largest online-banking customer base in the United States, made bill pay free based on an 18-month analysis comparing online-bill-pay customers to offline customers. She says that over time, online-bill-pay customers had wider relationships and more loans with Bank of America, and stayed with the bank longer.

Still, even though banks have tried to make online banking attractive, some consumers refuse to take that route because of security fears.

But despite the series of recent security breaches, most bank-related crimes remain old-fashioned.

The Javelin study indicates that the most common source of misused information is a lost or stolen wallet, checkbook or credit card. More than 68 percent of ID theft and fraud occurred from offline means, compared to just 11.6 percent from online.

Paper statements from your bank, credit card offers and insurance claims also can be potential time bombs if someone, even your family member or friend, get ahold of them.

The Javelin study pointed out that in 26 percent of all cases of ID theft and fraud, the victim knew the person who had misused his or her personal information.

Bruce Cundiff, a researcher for Javelin Strategy and Research, says consumers reluctant to bank online face a greater threat of ID theft and fraud because they leave a paper trail that is easily accessed by thieves, family members and friends, which then gives them direct access to their important financial information.

Cundiff says, "Online banking gives consumers the ability to eliminate the physical statements, taking away the ability to get your information through that physical record."

Age plays a factor in who banks online.

For consumers aged 25-34, 65 percent do their banking online. Compare that to only 34 percent of consumers 65 and older.

"I believe that older generations are so accustomed to traditional banking that they are reluctant to try something relatively new," says Cundiff. "Also, because some older people are not familiar with the Internet and might find it overwhelming, they tend to stick with what they know and trust." - advertisement -

Cundiff says that enhanced awareness campaigns about online banking, as well as Web sites specifically set up for seniors, are being offered by several banks.

The Javelin study shows that victims are more likely to discover ID theft through self-detection than through general notification by companies, debt collectors or the decline of credit.

On average, consumers who bank online discover ID theft or fraud faster than those who rely on paper statements to view their accounts. The average online banker will view his or her accounts twice a month or more, compared to offline bankers who view their paper statement an average of once every 30 days.

According to the latest findings by the Federal Trade Commission released on Jan. 26, 2006, Internet-related complaints accounted for 46 percent of all reported fraud complaints. Credit cards and money orders accounted for most of the Internet-related fraud complaints. Over 680,000 identity theft and fraud complaints were received by the FTC in 2005.

The FTC estimates that identity theft affects nearly 5 percent of Americans, costing businesses and individuals a combined $53 billion annually.

"We certainly say, that despite online safety, consumers need to update their security tools because fraud on the Internet is alive and well," says Cundiff. "Just as traditional fraud and robbery has evolved over time, the same thing will happen online. Banks will have to evolve to keep the ever-present criminal out of their info."

Federal financial regulators are requiring banks that offer online monetary-based transactions to tighten online access by the end of 2006. The Federal Financial Institutions Examination Council, along with five other banking regulators, issued guidelines in October 2005 detailing the security requirements in a 14-page report.

The report notes that current single-step authentication is inadequate for high-risk transactions involving access to customer information or the movement of funds to other parties. Regulators say that a two-step authentication system should be the standard.

David Barr, an Federal Deposit Insurance Corp. spokesman, says that while the council offers the guidelines, it does not endorse any particular technology. Rather, the banks complete a risk assessment. Based on that assessment, they may or may not have to beef up security. The risk assessment will look at what type of information can be accessed online.

Barr says, "Banks can choose from a variety of security methods that provide two-factor authentication processes that verify customer identities. A two-step authentication process basically consists of combining a standard password with some other identity test that is harder to steal or fake."

The use of two identity tests should make it more difficult for thieves to raid accounts.

Some banks may choose additional security based upon each customer's risk assessment. Customers who just view bills online may have a low-risk security feature. Higher-risk customers who utilize online banking for several different types of transactions would receive a higher security feature.

Tighter security will be needed if the transactions include confidential information such as Social Security numbers, passwords or usernames, and credit card numbers.

A two-step authentication process is recommended for consumers who move money from account to account, pay bills online or view credit card accounts online.

Some banks are looking at computer fingerprinting.

Computer fingerprinting systems capture the serial numbers of computer parts, such as the hard drive. These numbers are used to generate a unique ID for the machine. Whenever a customer connects to a bank's Web site, the bank's online system recognizes the computer by the fingerprint and allows the customer to log on with a simple password.

If the customer does the bulk of his or her online banking from a particular computer, like a home PC, the fingerprinting system will establish that computer as authorized. However, if the customer logs on from another computer that is not recognized by the fingerprint system, the Web site will take the customer through a tighter sign-in process to verify his or her identity.

A key fob is another potential online security feature that provides two-step authentication. There are numerous types of key fobs that can be used. A key fob can be a physical object, such as a keychain or a device installed on a personal computer, that works with a customer's PIN number. The key fob displays a randomly generated series of numbers, which change periodically, usually every 30 to 60 seconds. A user first authenticates himself on the key fob with a personal identification number, or PIN, followed by the current code displayed on the device.

It is easier for the owner to know if the key fob has been stolen than a password, since it is a physical object.

This type of technology helps if criminals are using spyware on your computer because it essentially locks people out of your account by constantly updating the information used to log onto a secure Web site.

Other security technology like picture recognition takes computer keyboards out of the transaction. Because spyware only records key strokes and not mouse clicks, your bank can establish picture recognition as the second step in accessing your account.

Finally, Biometrics -- thumbprint readers or iris scans -- are yet another potential security feature that banks could utilize. This type of security tends to be more expensive that other types of technology, but could be used for high risk clientele who move large amounts of money between accounts.

"Online banking is growing and that is one of the reasons why we are issuing these guidelines," says Barr. "We want customers to feel comfortable, plus banks have reputational risks if they do not sufficiently protect their customers, not to mention additional costs if security breaches occur."

Barr goes on to say the FDIC, along with other financial regulators, expects banks to adhere to the guidelines.

Bank of America started offering its two-step SiteKey program to customers in June 2005. SiteKey is a multistep process that combines passwords with user-selected test questions and a digital system that "fingerprints" the user's computer.

Barr says that added two-step authentication measures will not wipe out ID theft and fraud 100 percent, but it will help to ensure a safer banking environment that you cannot get through traditional banking means.

Source: Bankrate.com

More News in this Category