Bank of America to Launch Identity Theft Protection
Bank of America is launching a new authentication service to protect its customers against phishing and other attacks that target identity theft. Quote:
Bank of America will protect 13.2 million online banking customers with a new authentication service it calls “SiteKey,” the company said in a statement.
The free service will be launched in Tennessee in June and will eventually be rolled out nationwide.
SiteKey uses a combination of an image, user-created phrase and three challenge questions to authenticate both the customer’s identity and the authenticity of Bank of America’s Web site when customers log on, Bank of America said.
The new service is intended to help protect customers from identity theft, because information that is only known to the account holder must be presented, in addition to a customer ID and password, Bank of America said.
Details on eWeek.

It’s amazing how something can look good in theory to an executive ensuring the security of the customers, while completely disregarding the largest security threat. As a former Bank of America customer, dealing with their on-line banking was a primary reason that I closed my account with them. This new change only seems to exacerbate the current situation.
First, allow me to describe the largest security threat: to log onto the Bank of America account you had to insert your actual account number. I’ve dealt with many on-line banking systems and this is the only one that requires the actual account numbers. This alone causes several security risks that a challenge question and picture cannot eliminate. First, the account number is being transferred by the computer, so it would be very possible to intercept. Second, I don’t know many people who can remember this number, so they have to use some sort of notation system which could be stolen or even forgotten in shared computer areas.
In addition to this unique log-on information, when you first set up an on-line account Bank of America has to mail you the first password. Then if you forget your password, you are locked out of the system in three tries and have to wait a few weeks for a new password to arrive in paper mail format. These delays are not acceptable to on-line bankers.
While a challenge question isn’t a bad thing, what will happen when someone forgets what they previously wrote? (For example: H.S. instead of high school.) Will this be yet another cause for the online account to be frozen until a paper document is mailed to you? Security is one thing, but delays of more than 24 hours are another.
It seems like Bank of America isn’t addressing these issues at all, so I doubt that the added security feature will help to make on-line bankers more satisfied with Bank of America.