|
|
|
|
By 2007, customers will see a change when they go online to do their banking, though the state's institutions say they will try to keep the effects to a minimum. Still, those who have accounts at multiple financial institutions may have to learn a new trick for each bank.
The Federal Financial Institutions Examination Council in October told the nation's financial institutions that they have until the end of the year to do a risk assessment on their Web-based financial services and, when authentication procedures are deemed inadequate for security, organizations must add an additional layer to their procedures.
To get access to online banking, most banks and credit unions require a customer to identify himself by entering a user name and password, a method referred to as single-factor authentication.
The council said this doesn't provide adequate security in an environment of global fraud, phishing and identity theft, and gave financial institutions some guidance on options they could use to add another security layer.
Those in the industry say there are no reliable statistics on Internet-based financial fraud.
In 2004, Alaska consumers reported nearly 1,600 cases of fraud and identity theft to the Federal Trade Commission. Some 43 percent of the 433 identity theft complaints were cases involving credit card or bank fraud.
Those numbers probably don't show the whole picture, the FTC said in its report. And those in the industry say Internet fraud seems to be growing.
The new security layer would slow those numbers, at least for a while, said Robert St.Clair, vice president of electronic banking at First Bank, based in Ketchikan
"The security measure is based on protection (that would be) better than we have now," he said."Most people will be better protected than they have been. But ultimately, someone's going to break it."
New security layers could include identifying a previously selected photo, putting an encrypted token into a USB port or having a fingerprint scanned before gaining access to account information.
For online banking services, most of Alaska's banks and credit unions contract with third-party vendors, some of which have recently released this technology. Since the methods are so new, the price for the services is unclear, bank officials said.
"The technology part of this can be done, these things exist already," said Lisa Corrigan, executive vice president and chief operating officer for Alaska Pacific Bank in Juneau. "But can it be done in a cost-effective manner? That's another thing. We know we can make the deadline, but it's the costs we're worried about, the unknown costs."
Large banks, like Wells Fargo and Bank of America, have entire departments devoted to writing security programs, so they may have more control over the costs of implementing the technology.
No one interviewed for this story knew yet what the new security measures would cost their institutions. Most didn't even have a ballpark figure. Those contracting with a vendor for the services said costs would include an initial set-up fee and an annual per member, or customer, fee.
Terri Colson, vice president of technology at Credit Union 1, said that one vendor gave an estimate of about $80,000 for an initial installation fee and an additional $10,000 a year. Another wanted a smaller initial fee, at about $20,000, but wanted around $25,000 a year.
Still, none of these institutions had plans to pass those costs to their customers.
Many of the state's financial institutions interviewed the week of Jan. 3 were still reviewing what options were available, and none had yet made a firm decision.
Spokesmen at Alaska USA Federal Credit Union said officials there were considering a two-tiered system; one on the front end, that members would see, and another on the back end to help better identify and shut down phishing scams.
Credit Union 1 is looking at a couple of options, including a system that has members answer a question or two, the answers to which would have been provided to the credit union earlier. Questions may be mother's maiden name or a pet's name.
Or the credit union may have members identify a photo and possibly certain wording, again something the member had specified beforehand. Credit Union 1 hopes to have its system up in the third quarter.
First Bank, based in Ketchikan, is considering a matrix system. Here, customers would receive through encrypted e-mail, a card of numbers, something that resembles a bingo card. And similar to bingo, when logging on, customers would be prompted to fill in three random numbers from the card. First Bank hopes to have their system up by the second quarter.
A Northrim Bank spokeswoman said her company is still analyzing the regulation, and someone from the bank had planned to attend a training session on the regulation in mid-January.
Each of the representatives said their institutions want to find a method that adds the security, but does so in a way that doesn't inconvenience their customers.
No matter which option banks chose, all will devote energy toward educating their customers on the new methods.
"What we find, and I do this too, is that you get something in the mail, glance at it, and throw it in the trash," said Colson at Credit Union 1. "But if you don't respond to us and contact us, you won't be able to log on to online banking."
Melissa Campbell can be reached at melissa.campbell@alaskajournal.com.
AlaskaJournal.com | AlaskaStar.com | AlaskanEquipmentTrader.com
| Contact Us | Jobs | Subscribe
Copyright © 2007-2008 Alaska Journal of Commerce & Morris Communications Inc