Banks invest in better security online

Fraud spurs tougher access to accounts

September 10, 2006|By Laura Smitherman | Laura Smitherman,Sun reporter

Online banking, a service that has spared consumers a trip to the branch and given them access to accounts with a few keystrokes, is about to become more complicated.

Banks are rolling out security programs to better identify online customers after federal regulators, alarmed by the rising incidence and sophistication of identity theft, imposed a year-end deadline. Many banks are trying to balance security with convenience, while grappling with costs and technological challenges.

For most consumers, the changes mean that a user name and password won't be enough anymore.

Users could be prompted to provide their dog's name or high school mascot when logging on to an account, or they could be required to enter the correct coordinates from a table on a card like those used in bingo or the childhood game Battleship. If they are a commercial client moving large amounts of cash, a fingerprint scan might be in order.

Some banks also are "deputizing" customers by enabling them to prohibit or limit certain kinds of transactions on their accounts, or by alerting them to suspicious account activity.

"They have really knuckled down, and you feel more secure when you log on," said Kat Hudson, 37, of Fells Point. She said she does most of her banking online after a thief stole her paper checks and tried to cash one. "I wouldn't say it's entirely foolproof, but I would say it's safer."

More than 35 million American households bank online, though the growth rate slowed to about 10 percent last year from more than 300 percent a decade ago, according to Online Banking Report, an industry newsletter. Financial institutions expect the added security will reassure current customers and draw technophobic consumers to the Internet, which is cheaper for banks to maintain compared with brick-and-mortar branches.

A poll by the American Bankers Association shows that one-fourth of customers go to the Internet most often for their banking needs, as opposed to branches or automated teller machines. Online transactions are projected to account for 44 percent of all self-service banking including ATMs and touch-tone phone systems by 2010, compared with 10 percent at the beginning of the decade, according to Tower Group Inc., a financial services advisory firm.

Several national banks have unveiled new anti-fraud protections. Bank of America Corp., the largest online banker and biggest in Maryland by market share, finished a national rollout of its program this summer and has begun airing television advertisements promoting it.

But many midsize banks and community thrifts have yet to implement the extra security, crunched between regulators who are refusing to move back the deadline and a dizzying array of security vendors, including startup companies, some hawking unproven products.

"Many institutions have failed to act, hoping against hope for a last-minute reprieve," analysts Susan Feinberg and George Tubin of Tower Group said in a recent report. "The regulators are serious. They are not kidding. Banks must stop stalling."

Federal regulators instructed banks late last year to assess risks associated with Internet banking applications and to implement the necessary security measures to ensure that an online customer is indeed who they say they are. The regulators gave banks until Dec. 31 to do so or face increased scrutiny from examiners.

Jason Herzberger, a 26-year-old Lutherville resident and victim of identity theft -- someone opened a cell phone account in his name -- said he also does most of his banking online and welcomes the security changes.

"It's a terrific concept," he said.

Internet banking was born a decade ago when banks such as Wells Fargo & Co., based in the technology hub of San Francisco, began allowing customers to view account statements online. At first such access required special software, but banks soon set up sites on the Internet. Since then, Internet use has exploded -- and so has online fraud.

Identity fraud cost industry and consumers $57 billion in 2005. While the number of victims has shrunk slightly, the crimes are scoring bigger payoffs that have grown 20 percent in two years to an average of $6,383. Nearly 10 percent of victims who knew how their personal information was stolen said it happened online, according to Javelin Strategy & Research, a consulting firm.

Still, security experts say few banks had employed what is known in the business as "multifactor authentication" to verify a retail customer's identity online, until regulators stepped in. Banking officials said fraud losses were small and didn't warrant the cost and customer confusion that comes with the extra security.

Some experts say consumers are more at risk of identity fraud from throwing a paper account statement in the trash than from banking on the Internet.

Baltimore Sun Articles
Please note the green-lined linked article text has been applied commercially without any involvement from our newsroom editors, reporters or any other editorial staff.