Cyberthieves put banks on guard
By Wayne T. Price
By Wayne T. Price
If it hasn't already, your financial institution probably is making it a little more difficult for you to bank online.
It may be as simple as asking you to change passwords and log-on names to include a combination of capital and small letters, as well as a numeral or two.
Some are "fingerprinting" computers, allowing banks to note changes in what computers customers use to make online banking transactions or inquiries. Also, some banks are asking customers to identify a photo — of a pet, for example — as a way to gain entry into the system.
Consumers like Susan Hartgrave, of Satellite Beach, Fla., a customer of Washington Mutual, couldn't be happier with the additional security measures for online banking.
"It's wonderful to be able to keep up to date on your accounts and to transfer money from one account to another when you need to," Hartgrave said. "If banks want to make extra steps to make the system more secure, I have no problem with that."
Financial institutions are bolstering their online-banking security measures after the Federal Financial Institutions Examination Council last fall called for a review of their procedures to make sure they're secure.
Part of that is because banking customers are able to do much more with their accounts these days — automatic payments, money transfers, etc.
"Online transactions were not particularly risky when the most you could do was go into an account record and move money around inside the account," said Timothy Antonition, executive vice president of retail operations at Melbourne, Fla.-based Space Coast Credit Union. "Once you can send money out of an account, as with a bill-payer transaction, the risk increases."
The Federal Financial Institutions Examination Council consists of five federal agencies, including the Federal Reserve System and the Federal Deposit Insurance Corp.
If online banking systems at certain institutions are found to be inadequate — and aren't changed — fines will be issued, said David Barr, spokesman for the Federal Deposit Insurance Corp.
"We expect banks to perform a risk analysis, and based on that risk analysis, provide an extra layer of security by the end of the year," Barr said.
The most common attack is through what's known as "phishing." Hackers send e-mails resembling official correspondences from banks or credit-card companies and then gain access to people's personal identification information when the individuals reply.
According to a survey by Gartner Inc., phishing attacks grew at double-digit percentage rates last year. In the 12 months that ended last May, an estimated 73 million U.S. adults who use the Internet said they definitely received, or think they did, an average of more than 50 phishing e-mails in the past year.
Gartner estimates that 1.2 million consumers lost nearly $1 billion because of phishing attacks. Most of the money stolen was repaid by banks and credit cards.
Phishing generally means that banks' security systems are working, said James Van Dyke, founder of Pleasanton, Calif.-based Javelin Strategy & Research.
"What's interesting is that banks' security systems are strong enough that criminals are trying to trick individuals into voluntarily giving away account access, because more direct methods are more difficult by comparison," Van Dyke said.
Nicole Hasty, Web operations manager at the Space Coast Credit Union, said an identity thief's best tool is not on the computer.
"The greatest security risk for criminal activity is in your mailbox and trash, where you may have paper documents that include private, unpublished information," Hasty said.