Online banking is taking significant steps toward total customer acceptance, indicating that more and more people trust the Internet for banking transactions, finding it a convenient and helpful service.
“We have seen steady growth in our online banking system since its introduction several years ago,” said Joseph C. Gibbs Jr., senior vice president of e-business services for Trustmark National Bank in Jackson. “With the introduction of multi-factor authentication, we have received even more comments from users that they are more comfortable with the security.”
At Trustmark, 26% of customers use the Internet to get balance and transactional information.
Is online banking safe? Gibbs said in general, yes, it is.
“That doesn’t mean one can ignore general safe computing practices though,” Gibbs said. “Are there fraudulent transactions that occur over the Internet? Of course. Does it happen a lot? Well, it is attempted often, but only in a rare case does it result in someone actually losing money or result in identity fraud.”
Banks use sophisticated measures to deter would-be fraudsters from cracking into systems. Gibbs said they may also impose preventative measures that require customers to practice safe online computing, such as using certain characters in their passwords and changing their passwords at certain intervals.
Trustmark deployed a multi-factor authentication system in November 2006 as a requirement of federal regulators. This solution adds a couple of extra layers of security.
“Trustmark’s solution first requires the customer to select several questions and answers that only the user knows,” Gibbs said. “Second, an image is selected that only that customer or user knows. Third, a pass phrase is written by the user as a third element of authentication. The real benefit is the user sees an image and a pass phrase that only he or she could have selected, validating that they are at a trusted Trustmark online banking site, not a fraudulent site.”
There are two main threats banks are most concerned about. The first is phishing, a criminal activity whereby fraudsters attempt to obtain enough information to gain access to credit card, bank account or personal information.
“This information could then be sold in the black market to others who may create fraudulent transactions or actually withdraw funds from a user’s account,” Gibbs said. “This is typically done through e-mail (mostly spam) to unsuspecting users. The e-mail may say, ‘ABC Bank, a legitimate bank, has noticed your account may have been compromised. Please click this link to log into your account to ensure it is not affected.’ Naively, the user clicks the link and they are taken to a site that is masquerading as ABC Bank.
“When the user enters his or her information, the user’s account has been compromised. As a safe computing practice, don’t click on links to financial institutions in e-mail unless you know they are legitimate and you are expecting the e-mail.”
The second main threat is the user unknowingly making his or her confidential login and password information available to others. Gibbs said users often utilize the convenient feature found in Internet browsers that allows customers to store or save their login and password information. This saves the user time, but it also exposes the account information to anyone else using that personal computer, such as family members, office co-workers or roommates.
“Customers should never store or save their login and password information in the browsers,” Gibbs said.
Pat Martin, director of public relations for Regions Bank, Birmingham, Ala., said customers are getting savvier about computer security, such as looking for the lock at the bottom of the screen that indicates the site is protected by encryption.
“Plus we have safeguards such as, when you log on, passwords and challenge questions to answer,” Martin said. “We have safeguards on the front end, but we also have systems to monitor on the back end. We monitor suspicious activity. We have everything backed up.”
Users need to do their part, too. Martin recommends making sure virus protection is updated and that firewalls and spam blockers are in place. If you are getting a lot of spam or fraudulent e-mails, that may be a sign that something needs to be updated.
Online banking is increasing in popularity because customers want convenience.
“One of the great alternative delivery systems we have is online banking,” Martin said. “And it gains in popularity every day. It can actually help people catch any problems. If there is suspicious activity, I can go online right now and see exactly what is happening with my account.”
Common sense rules
Jeff Theiler, senior vice president and direct banking manager for Hancock Bank, said Hancock Bank has been very proactive in making sure online banking is safe by requiring 128-bit encrypted browsers, use of additional validation data beyond user ID and password as well as enhanced security features such as alerts, separate passwords for funds transfer requests and additional security questions based on customers’ computer profile and usage.
Theiler said online banking itself is safe, provided customers follow common sense steps:
• Don’t provide/share user ID and password with anyone, including spouses.
• Each person should have their own ID and password.
• Do not access online banking using an unknown computer such as at an Internet café, library or someone else’s computer (even if you know them). The computer may not have the proper security software such as anti-virus and spyware programs.
Internet banking is largely secure and very heavily regulated, said Sandy Turnage, director of engineering and senior security engineer at Pileum Corporation in Jackson.
“I’m not aware of anyone who has lost a large amount of money or any money with online banking,” Turnage said. “I know I have used it for several years with confidence, and have no qualms about it at all. I think banking in general is one of the most heavily regulated and thoroughly audited businesses out there, especially from the security standpoint. At some point during the year, every bank is required to undergo a security audit. Any bank with online banking capabilities is held to a higher standard during the annual audit.”
Most secure Web sites use the concept of “layered security,” which means a system doesn’t depend on any one safeguard to protect customers’ data. In the case of Internet banking, the first layer is the Web portal, which is essentially a software application that the banking customer logs into to access his or her account information.
The second layer is the Web server software that hosts the Web portal application. The third layer is the computer system, which hosts the Web server software. The fourth layer is the network infrastructure that connects the banking Web site to the Internet. It typically consists of at least one firewall and other network infrastructure components.
“Each of these four layers has a unique set of potential security issues and each must be properly secured,” Turnage said. “It is very important that the appropriate security countermeasures be deployed at each layer to ensure the system as a whole is secure.”
Contact MBJ contributing writer Becky Gillette at email@example.com.