Improved Security for Online Banking
Acccording to recent reports, the feds will require bank web sites to strengthen their security precautions for internet customers. To this end, bank web sites are expected adopt some sort of “two-factor” authentication scheme by the end of 2006. In other words, customers will soon have to verify their identity using both a password (or PIN) and some sort of physical item, such as a hardware token that produces constantly changing access codes, or perhaps a ’smart’ card that the customer inserts into a card reader attached to their computer.
Other options include some sort of biometric verification, or perhaps technology to approximate the physical location from which the login attempt was initiated (presumably via IP address???) and compare it to the customer’s address. While I agree that security is a major issue when it comes to online banking, I’m less than thrilled about having to carry around a pocketful of dongles just to access my various accounts. And the other options have problems of their own. In my opinion, login systems such as the one used by ING Direct ($25 account opening bonus) strike a good balance between security and usability — they require an account number, PIN, and an additional (rotating) security question. Moreover, they’ve recently implemented a clickable keypad on their login screen which should help to protect against keystroke loggers.
[Source: Yahoo! News]
Published on October 25th, 2005 - 5 Comments
Filed under: Banking, Online
email this article
- digg this - stumble it - save to del.icio.us
Related articles...
» One Year Ago This Week (October 22nd - October 28th)» From the Archives (October 21st - October 27th)
» Online Financial Statements
» Online Banking Poll Results
» Online Banking Explosion
» Money Poll #7: Online Banking
» Money Poll #10 (Checkbook Balancing) Results
» HSBC Direct Adds (More) Annoying Security Features
Get via RSS
I have to wonder why they continue to require the account number, though, instead of creating login IDs. The account number is not a secret, but it is extremely difficult to remember, and a pain in the butt to keep entering.
Comment by Matt — Oct 26th 2005 @ 2:53 amThis is really not new news. E*trade already has available an RSA token. Login requires both password and the changing token number. Well nigh impossible to hack because the number changes frequently
Comment by Al Brockman — Oct 28th 2005 @ 10:44 amI really like ING’s clickable PIN pad. It is an excellent defense against key loggers on public computer (not that I’d look at financial data on a public computer without additional security I have at my disposal). I agree the requirement of the Customer number is a pain (I don’t remember mine, but I have it in a password protected application on my compurter and Pocket PC), I’d much rather have a personal ID I can make up.
Comment by Michael — Nov 1st 2006 @ 10:53 am