Originally published December 7 2005
Bank website security to be increased
by Mike Adams, the Health Ranger, NaturalNews Editor
Regulators with the Federal Financial Institutions Examination Council announced recently that bank websites will be required to implement some form of "two-factor" security authentication by the end of next year, as user names and passwords are increasingly exploited by criminals.
In two-factor authentication, customers must confirm their identities not only through something they know, like a PIN or password, but also with something they physically have, like a hardware token with numeric access codes that change every minute.
Other types of two-factor authentication include costlier hardware involving biometrics or "smart" cards that would be inserted into designated readers on a user's computer.
Banks might also issue one-time passwords on scratch-off cards or require "secret questions" about a customer's account, such as the amount of the last deposit or mortgage payment.
The council also suggested that banks explore technology that can estimate a web user's physical location and compare it to the address on file.
The most common way of stealing consumers' personal identity data and financial account credentials online, known as phishing, typically involves sending e-mails that direct unwitting users to phony websites.
The Anti-Phishing Working group, an industry association, reported 13,776 unique types of phishing attacks in August.
While some financial institutions have given their customers electronic password tokens, those have tended to be optional.
"The agencies consider single-factor authentication, as the only control mechanism, to be inadequate for high-risk transactions involving access to customer information or the movement of information to other parties," the council wrote.
"Account fraud and identity theft are frequently the result of single-factor ...
FDIC spokesman David Barr said the rules will serve as standards that will be checked when banks' practices are audited.
Although the requirements apply just to financial services companies, the policy could stimulate wider use of two-factor authentication by other merchants that are willing to "federate" their websites with banks, said Michael Aisenberg, director of government relations for internet service provider VeriSign.
All content posted on this site is commentary or opinion and is protected under Free Speech. Truth Publishing LLC takes sole responsibility for all content. Truth Publishing sells no hard products and earns no money from the recommendation of products. NaturalNews.com is presented for educational and commentary purposes only and should not be construed as professional advice from any licensed practitioner. Truth Publishing assumes no responsibility for the use or misuse of this material. For the full terms of usage of this material, visit www.NaturalNews.com/terms.shtml