Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »
Public Teleconferences
Join CIO Executive Council members and participate in the following live one-hour teleconferences:
* Managing Change: Centralizing Your IT Organization
July 29
* Transforming IT Teams
September 16
* Global CIOs: How to Lead on the World Stage
September 18
Apply today for a FREE subscription to CIO Magazine!
What Banks Tell Online Customers About Their Security
Six months after the FFIEC's rules for strong authentication took effect, we test what the country's three biggest banks tell their customers about online security.
May 29, 2007 — CIO — By the end of 2006, U.S. banks were supposed to have implemented "strong authentication" for online banking—in other words, they needed to put something besides a user name and password in between any old Internet user and all the money in a customer's banking account.
The most obvious way to meet the guidance, issued by the U.S. Federal Financial Institutions Examination Council (FFIEC), would have been to issue one-time password devices or set up another form of two-factor authentication. But last summer, when I did a preliminary evaluation of security offerings at the country's largest banks, I was pretty unimpressed. (See Two-Factor Too Scarce at Consumer Banks.)
Since then, I've given up on getting a one-time-password device, and have accepted the fact that banks are instead moving toward what might diplomatically be called "creative" authentication. (See Strong Authentication: Success Factors.) Given that man-in-the-middle attacks can circumvent two-factor authentication, a combination of device authentication, additional security questions and extra fraud controls doesn't seem like a bad approach.
But, I wondered, almost six months past the FFIEC deadline, what are banks telling customers about online security? As the chief financial officer of Chateau Scalet—and as a working mother about to have baby No. 2—I wanted to know if any of them could offer me enough assurance that I would take the online banking plunge as a way to simplify my life. I decided it was time to update my research from last year.
I called the call centers at each of the top three banks, identified myself as a customer with a checking and savings account, and told them I was interested in online banking but concerned about security. The point, yes, was to see what type of security each bank had in place. More than that, however, I wanted to see how well each bank was able to communicate about security through its call center. After all, what good is good security if you can't explain it to your customers? Here's what I learned.
The CIO's Guide to Mobile Security: Executive Overview and Checklist
Encryption Made Easy: The Advantages of Identity Based Encryption
Security Features of the BlackBerry Solution
How To Navigate Through an Era of Change
The Struggle to Achieve Agility and Reduce Complexity
New 2008 Report: Outbound Email and Data Loss Prevention in Today"s Enterprise
Selling IT's Strategic Benefits to Business
The Great Email Security Debate: Appliances, SaaS, or Virtual?
Oracle Helps Alltel Save $30 Million Per Year
Salesforce for Google Apps Webcast
Advanced DNS and Traffic Management Solutions: The Keys to Enhancing and Securing your Enterprise Network
The New "Black Art." Learn why few companies do DNS well. Why fewer can scale it.
Resource Alerts
Get instant email notifications by topic when white papers, webcasts, and case studies are added to our library.
Blogger Glitch Knocks Home Pages Offline
Kenya to Get Online Payment Gateway
Ohio Official Sues E-Voting Vendor for Dropped Votes
AMD and Mauritius Sign Deal for Low-Cost PCs
Black Hat: The Biggest Virtualization Security Risks
Facebook Stamps Out Malware Attack
Linux Patent Pool to Push for 'defensive Publication'
WiMax Forum Setting Up Certification Lab in India
Researchers Look to Cloud Computing to Fight Malware
2008 Olympics Open in Beijing
Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.
Over 25 tutorials on everything from business intelligence to virtualization.
