[SIG-IDtheft] US News & World Reports: Staying Safe Online Banking....
britta at projectliberty.org
Thu Aug 16 15:38:06 EDT 2007
Article from today that might be of interest to the group:
Banking Online? Tips for Staying Safe Phony E-mails asking for personal
information and other scams can drain your accounts By Kimberly Palmer
Phishing, a technique by which scammers try to gain access to personal
information, is one of the most common threats to online banking security.
Phishers send E-mails, often claiming to be from a bank, and ask the
recipient to click on a link and fill out personal information. The scammer
then uses that information to empty bank accounts or steal identities.
(Jeffrey MacMillian for *USN&WR*)
It's a common trick, and one that banks are getting increasingly savvy to
through stepped-up security. RSA, which provides information security for
large corporations, is one of the companies behind many of those new
security measures, including personalized images and software that sends up
red flags when a user is deviating from normal behavior.
*U.S. News* sat down with Christopher Young, vice president and general
manager of identity and access assurance for RSA, to ask him how consumers
can keep their identities safe from theft while banking online.
*How do banks prevent security problems, especially with so many people
There are many ways in which consumers' online banking can be made more
secure. Many banks now offer a set of images, asking users to select one
when opening an account. If people see that particular image each time they
log in, then they know it is really their bank's website [and not a fake
We also have risk-based analytics that measure whether you are logging in
from the same geographic location as usual, from your normal PC, and what
you're doing during your online session. If someone is checking a balance,
that would be a low-risk activity. If they are taking out large chunks of
money—or if your log-in location is in Eastern Europe instead of your home
in Illinois—that would cause the risk score to go up. If it becomes too
high, then the user might be asked for more information before proceeding.
*Doesn't that software interfere with people's privacy? Is someone actually
watching what they're doing?*
No—it is all contained within the "four walls" of the bank. And it's not
people looking at the [online activity]; the process is fully automated
*Is there anything consumers can do to reduce their risk of being scammed
while banking online?*
Most banks will tell you that there's a lot consumers can
They can install free firewalls and antivirus and antispyware tools that
help protect against a variety of online threats. They can also check their
banks' websites to see what security measures they offer—and then ensure
that they take advantage of these.
Finally, the best thing that consumers can do when they receive E-mails or
phone calls asking for their private information is simply not to respond.
Generally, your bank will not call and ask you for your Social Security
*What other mistakes do people make?*
On social networking sites, people post a lot of personal data that can be
exploited, including when they were born and where they live. It's like an
online cocktail party. Think about what you need to open a bank account—your
date of birth, address, and Social Security number. Some people post two out
of three of those pieces of information. I would not put my birthday on a
*Shouldn't you also always look for the "https" at the top of the computer,
instead of the normal "http," when you're entering personal information
Yes, that helps, but those things can be spoofed. It's possible to take
what's fraudulent and make it look authentic. You should always ask
yourself, "How did I get to this site?" Was it via another site that's
legitimate? Think about the context—just as you would in the physical world.
*What kind of security measures do you look for in your personal bank?*
I probably gravitate toward more security. One size does not fit all. For a
brokerage account, you probably want more security, because it may have your
life's savings. It's all a matter of degree. Adding too many layers of
security is like creating a building that no one can get in and out of.
There's a balance between needing more security and usability. You can't
make bank accounts too hard to access, or no one will use them.
*If consumers are scammed online and lose their money, would the bank give
them their money back?*
In most cases, they are protected. [Laws require banks to reimburse
customers for all but $50 of their losses, as long as they report the fraud
within a certain time frame.] Most banks, for good customer relations, will
cover more than is required by law.
*Problems in your financial life? Maybe it's a misleading marketing
campaign, workplace frustrations, or a money meltdown. E-mail us at
alphaconsumer at usnews.com. We'll pick cases to investigate and share with you
the best advice we find in our new Web column, Alpha Consumer.*
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Sig-idtheft