MUST READ: Congress demands answers from Google over Glass privacy concerns

Topic: Security

Better bank security scares off users? Oh well.

Summary: That was my first reaction to reading this just posted article on BBC.com.

Richard Stiennon

By Richard Stiennon for Threat Chaos |

That was my first reaction to reading this just posted article on BBC.com. The specter is raised that tokens, one time passwords, and security questions are going to increase the friction involved in online banking and lead to customer dissatisfaction. My reaction? Oh well.

It is better for banks to work on fixing their customer experience than address fraud issues due to their lack of action. Read further down in the article which is admittedly disjointed (probably an editor trying to raise the appeal of the piece, they do that you know) and you learn something interesting:

In late 2005 the US Federal Financial Institutions Examination Council (FFIEC) issued guidelines which forced banks to do more to protect online accounts.

Phishing statistics show a rapid move by the fraudsters to European banks and, said Mr Moloney, to smaller European banks using less protection.

Lists of phishing targets gathered by security companies show a huge shift away from big bank brands such as Citibank and Bank of America to Sparkasse, VolksBank and many others.

In other words, improved security is having an impact on phishing attacks! According to one source in the article online bank fraud descreased 67% while phishing attacks increased 40%. That is a tremendous justification of increased investment in security for banks. Keep it up!

Topics: Security, Banking

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion

  • I think that the issue here ...

    ... isn't so much that users are put off by the extra security measures, but it's more that "oh, so you mean that it wasn't secure" kind of thing. Also, since not all banks are rolling out the same security systems, customers are looking at what kind of security measures other banks are taking and wondering why they're not getting the same protection.
    Adrian Kingsley-Hughes
    Reply Vote

  • RE: Better bank security scares off users? Oh well.

    Too much security forces people to circumvent them. Users wil keep answers to security questions on their desktop in plain text, passwords in their email accounts so they can access them from everywhere, and security tokens are left at common places for easier access. Extra bank security will only band-aid the problem until phishers start to learn where to find these security treasures in each user's computer.
    wessidemd@...
    Reply Vote

    • Bank online security

      In my profession the old saying is "The reason it is so hard to idiot proof systems is that idiots are so ingenious"

      Better security and anti-phishing measures by banks are a good thing but nothing is foolproof and it is impossible to protect people from themselves.

      Remember these are the same people who also put their ATM pin on their cards because they don't have a clue.

      I personally activate all the security features offered and do not write them down.

      I especially like the new feature at Bank of America requiring a code be sent to your cell or home phone to add new accounts. I opted in that one as soon as it was offered.
      hcprobst@...
      Reply Vote

  • Bank Security

    I think the need for true "two-factor" authentication is neccessary. The point you make regarding tokens (such as the RSA SecureID device in use by E*Trade) is moot because its the same size as a VPN token (that i use for work). The token is small enough to fit on my keyboard and provide me with exceptional security. Unfortunately not more banks are offering this service, they are simply offering a "different" form of validation [NOT true two-factor, who you are and what you know].

    I for one would like to see the ATM cards get a little bit thicker and embed this device onto the card itself; maybe even tie it into your pin (IE> walk to ATM; swipe card; input PIN+6digit number on card) but also use this same device with a smart chip so say at home (Input ATM card in reader; input pin; then on website input 6digit number in window). That would be the ulitmate solution and any bank that could offer that I would switch to in a heartbeat.
    JT82
    Reply Vote
CNET Join | Log In | Privacy | Cookies Close