Two-Factor Too Scarce at Consumer Banks

A search for strong authentication in online banking comes up short.

By Sarah D. Scalet
Tue, July 11, 2006

CIO — Every time I turn around, there's a bank trying to sell me on online banking. They pitch online bill paying as a convenience, which I guess it would be, but let's face it—the real convenience is to the banks, because of the money they could save on processing fees and tellers. Thing is, some of us simply don't want it to be that easy to transfer funds out of our checking and savings accounts. We want it to be harder.

That's why for years I've been saying that I won't sign up for online banking until a bank offers me strong authentication. Keep your $50 new-customer incentive or the low-end iPod, I say. Instead, I want an RSA token that generates a security code that I punch into a website, in addition to my user name and password. Or a keyfob that I stick into the USB slot of my desktop computer whenever I move funds. Heck, I'd even proffer a fingerprint if the bank would send me the biometrics reader. And I know I'm not alone. Larry Freed, president of the research group ForeSee Results, says that security concerns are slowing the growth of online banking. "People that are not using online banking are very concerned with security," says Freed, a former banking CTO.

In October 2005, it looked like my wish might finally come true. The U.S. Federal Financial Institutions Examination Council, or FFIEC, issued a requirement that banks strengthen the way they authenticate online transactions. (See "Second Thoughts on Second Factors" for my colleague Scott Berinato's rich analysis of what the FFIEC called its "guidance.") The FFIEC move was widely interpreted as a mandate that would push more banks to two-factor authentication. Hip, hip, hurrah!

Now-just six months until the FFIEC's end-of-year deadline-seemed like a good moment to take stock of the current consumer offerings for online banking. I spent several hours looking at what Fortune 100 banks tell prospective online banking customers about security, liability and authentication. This wasn't a scientific study, mind you. I didn't set out to get an insider view of which banks are the most secure or have the best anti-fraud defenses, nor do I have any way of gauging how well banks actually keep the promises they make. I simply looked at what the websites and marketing materials say about each bank's online practices. Unfortunately, it appears that we still have a long way to go before most online banking sites are "hard" enough for me to use.

1 2 3 4 next page »

You are here: Business/Management Topics » IT Organization » Alarmed

Most Recent Privacy Stories

White Papers »

Converged Infrastructure for Dummies

As you know, everything is mobile, connected, interactive, and immediate. This is exactly why organizations need a highly agile IT infrastructure in order to keep pace with extreme fluctuations in business demand. This book will help you understand why infrastructure convergence has been widely accepted as the optimal approach for simplifying and accelerating your IT to deliver services at the speed of business while also shifting significantly more IT resources from operations to innovation.

Quantifying the Business Value of VMware View

For this white paper, IDC performed an in-depth analysis of the business value of VMware View, defined as the expected ROI associated with the use of the solution as a platform for the targeted deployment of a virtual desktop infrastructure.

Virtualization reduces costs and complexity for mid-sized businesses

This paper explains virtualization, its benefits for mid-sized business and how IBM's virtualization strategy can help these companies reduce costs, improve services and simplify management.

A Standard Branch Office IT Platform to Optimize and Consolidate

Forrester Research makes recommendations on best practices to optimize branch virtualization and consolidation initiatives. See how a "thin" branch architecture, with key servers, services and applications in the data center that relies on a high-performing WAN connection, can offer the greatest efficiencies.

Maintaining Continuous Compliance - a new best practice approach

When trying to achieve continuous compliance with internal policies and external regulations, organizations need to replace traditional processes with a new best practice approach and new innovative technology, such as that provided by IBM Tivoli Endpoint Manager.

Rewriting the rules of Patch Management

IBM Tivoli Endpoint Manager helps organizations automatically manage patches for multiple operating systems and applications across hundreds of thousands of endpoints regardless of location, connection type or status.

Webcasts »

Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere

Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as support considerations

Quantifying the Business Value of VMware View - Webcast

Many enterprises have discovered that the use of virtualization to support desktop workloads creates a range of significant benefits. These benefits include price efficiencies, improved IT management and greater agility and choice for end users.

This VMware sponsored webcast with IDC will provide both quantitative measurement of the business value -- defined as the expected ROI -- and qualitative analysis associated with the use of VMware View™. IDC will also provide an analysis of the View Composer and ThinApp™ features of VMware View, including the business value of these solutions and an overview of how they work.

Attend this webcast to learn about:
- Challenges and barriers that might impede the adoption of desktop virtualization
- Navigating roadblocks to facilitate a strategic implementation
- Optimizing qualitative and quantitative benefits to IT and your business

Architecting a Modern Approach to Data Management

Applications are changing - they're increasingly web-oriented, global in nature and run from multiple device types. Additionally, the volume of data is growing exponentially every year. How do you ensure your applications have fast, accurate, up-to-date information in this new world? Modern applications are data-intensive; delivering data the old way using monolithic databases isn't working. What's needed is a modern approach to data. One that scales-out as needed and delivers predictable high performance, but without sacrificing data consistency or integrity.

Introduction to VMware View 5

VMware View™ 5 simplifies IT management while increasing end user freedom by delivering desktop services from your cloud. Building upon VMware's leadership in desktop virtualization, VMware View 5 delivers a high-performance user experience while giving IT greater policy control.

View this webcast and find out how VMware View 5 can help you:
- Deliver the highest fidelity experience of desktop services across any device and any network
- Simplify and automate IT management, security and control of desktop services
- Reduce the costs associated with your desktop environment

The CIO's View: Time-to-Value Through Automation

IT professionals are being asked to deliver faster "time-to-value" than ever before. An IDG Research survey found that CIOs are eager to invest in technologies that will enable them to get new applications and services up quickly, achieving faster time-to-value.

5 Steps to Successful IT Consolidation

Learn how to reduce IT management overhead, ease revision control, guarantee data security, scale systems more quickly and reduce server and software costs.

Newsletter Sign-Up »

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter