Thursday, July 14, 2005
Security Is Up A Notch
The banking industry has been hit hard this year by stories of compromised customer data. Bank of America has the largest share of online banking customers and has started taking security measures up a notch.
Bank of America has joined with SiteKey to provide a new online security procedure. It was initiated in Tennessee last month. It is being launched in Virginia, Maryland and Washington, D.C. this week, and should be available to customers nationally by the fall.
The system to be used was developed by PassMark Security from Redwood City, CA. To start, a customer has a thousand graphic images to choose from and can select any one of them. Next, they select a challenge question, such as the year and model of their first car. Then, they still have a customer ID and password to access their account.
When a customer logs on to internet banking, they can click on the SiteKey button and view the image they first selected. If they don't see that image, the site they're at is not the authentic banking site and is likely a spoofed site, phishing for their information. This is similar to a safe deposit box where each part has a key. If the keys don't match, there is a problem.
Wachovia is planning to enhance its security options later in the year as well. They are exploring the use of token cards for two-factor authentication. These cards are battery operated and display a different, randomly generated number every minute. This number needs to be entered in addition to a user name and password to gain access to the system.
The banking industry has been hit hard this year by stories of compromised customer data. Bank of America has the largest share of online banking customers and has started taking security measures up a notch.
Bank of America has joined with SiteKey to provide a new online security procedure. It was initiated in Tennessee last month. It is being launched in Virginia, Maryland and Washington, D.C. this week, and should be available to customers nationally by the fall.
The system to be used was developed by PassMark Security from Redwood City, CA. To start, a customer has a thousand graphic images to choose from and can select any one of them. Next, they select a challenge question, such as the year and model of their first car. Then, they still have a customer ID and password to access their account.
When a customer logs on to internet banking, they can click on the SiteKey button and view the image they first selected. If they don't see that image, the site they're at is not the authentic banking site and is likely a spoofed site, phishing for their information. This is similar to a safe deposit box where each part has a key. If the keys don't match, there is a problem.
Wachovia is planning to enhance its security options later in the year as well. They are exploring the use of token cards for two-factor authentication. These cards are battery operated and display a different, randomly generated number every minute. This number needs to be entered in addition to a user name and password to gain access to the system.
Wednesday, July 06, 2005
Providing ID Theft Data to FTC
The Identity Theft Assistance Center (ITAC) is sponsored by banks. Banks refer victims to ITAC to work on regaining their identities and limiting the damage done by the ID thief. They take consumers through the detailed tasks needed for this such as helping them review their credit reports, place fraud alerts, and notify companies that appear to have opened accounts in the consumer's name, for the thief. They have helped over 2,000 victims already. ITAC will now be providing information to the Federal Trade Commission.
The FTC places information collected from ITAC in its Consumer Sentinel database. This is accessible by more than 1,300 federal, state, and local law-enforcement agencies. It is used as a source of information to further ID theft investigations, said George Handley, a unit chief of the FBI's Financial Institution Fraud unit.
While banks have worked directly with law enforcement, with ITAC this pooled information will now be available. This pool should help law enforcement as they will have more information and it will cross jurisdictional boundaries. The Consumer Sentinel database provides such information and also helps aggregate individual reports to help spot large fraud schemes. This will allow aggregate damage to be seen from similar scams, as an example.
ITAC adds another resource to you and your customers, in addition to the excellent information from the FTC.
http://www.idtheftcenter.org/
http://www.consumer.gov/idtheft/
The Identity Theft Assistance Center (ITAC) is sponsored by banks. Banks refer victims to ITAC to work on regaining their identities and limiting the damage done by the ID thief. They take consumers through the detailed tasks needed for this such as helping them review their credit reports, place fraud alerts, and notify companies that appear to have opened accounts in the consumer's name, for the thief. They have helped over 2,000 victims already. ITAC will now be providing information to the Federal Trade Commission.
The FTC places information collected from ITAC in its Consumer Sentinel database. This is accessible by more than 1,300 federal, state, and local law-enforcement agencies. It is used as a source of information to further ID theft investigations, said George Handley, a unit chief of the FBI's Financial Institution Fraud unit.
While banks have worked directly with law enforcement, with ITAC this pooled information will now be available. This pool should help law enforcement as they will have more information and it will cross jurisdictional boundaries. The Consumer Sentinel database provides such information and also helps aggregate individual reports to help spot large fraud schemes. This will allow aggregate damage to be seen from similar scams, as an example.
ITAC adds another resource to you and your customers, in addition to the excellent information from the FTC.
http://www.idtheftcenter.org/
http://www.consumer.gov/idtheft/
