Online banking made safer
By SANDRA GUY firstname.lastname@example.org April 13, 2012 8:38PM
TIPS TO SPOT ONLINE BANK FRAUDS
** Emails from banks with whom you have no accounts.
** Emails asking for personal information to be submitted by clicking on a link.
** Attachments and attachments with ZIP files; the latter can execute hostile programs when opened.
** Suspicious salutations such as, “Hello, dear.”
** Beware similar emails from brokerages and tax-preparation firms.
** Don’t publicly post any information you might use as a password, such as your mother’s maiden name or your favorite pet’s name.
Source: Christine Frietchen, editor in chief, Consumersearch.com
Chicago’s tech community is helping develop solutions to protect online and mobile banking customers from hackers, phishers, cyberthieves, QR code fraudsters and a seemingly endless supply of criminals looking to steal people’s identities.
The problem is so big, some experts believe 39 percent of all desktop computers are infected by malicious software, or malware, aimed at taking over people’s bank account information. The problems make headlines daily: A security hack into a third-party processor of major debit and credit cards, unveiled March 30, may have put 1.5 million cardholders at risk, and in late March, Microsoft’s Digital Crimes Unit confiscated several computer servers involved in infecting computers with the ZeuS malware, which steals personal information and log-in details.
Authentify, a Chicago-based software company with 27 employees that will grow by one-third by year’s end, has introduced a free app that people activate on their computers and smartphones to link to their online bank accounts.
The service, called 2CHK and pronounced “two check,” allows bank customers who enroll to review their transaction details in real time via voice or text message.
The 2CHK service is the latest version of Authentify’s “out-of-band” innovation, which takes a customer off of the Internet to review his or her online banking transactions. The solution protects against “man-in-the-browser” attacks in which bad guys hijack a person’s browser and make fraudulent transactions surreptitiously. Newly issued federal bank guidelines that call for stronger online security cite out-of-band technology as an effective countermeasure against online banking fraud.
“Over time, you’ll see banks looking at what their customers are doing online to see whether they are staying in character based on their transaction habits and history,” said Peter Tapling, CEO and president who co-founded Authentify 14 years ago.
Authentify ranked No. 1,729 on Inc magazine’s list of the 5,000 fastest-growing companies in 2011 with three-year sales growth of 155 percent and 2011 revenues of $9.8 million. Its customers include five of the world’s top 10 banks, three of the five largest e-commerce websites and two of the four largest insurance companies in North America.
The company is hiring software code developers, sales and marketing representatives and customer service representatives.
Several local banks, including Harris Bank, Private Bank and Bank of America, use a complementary service from Trusteer, a Boston-based firm that lets bank customers download a free app to provide an additional security layer on top of their computer anti-virus software.
Trusteer, with 140 employees nationwide, including “a handful” in Chicago, lets banks offer the download to anyone, regardless of whether the person is a bank customer, and helps protect people while they shop or bank online.
Trusteer President Rakesh Loonkar said the company expects to double its workforce by year end, hiring salespeople, marketing representatives and software engineers, because of the increasing need for the security solution.
Tina Hauri, a risk management professional who lives in the north suburbs, said she clicks on the extra information that Trusteer offers at Bank of America’s website, such as whether Trusteer has blocked access to a suspicious website cookie or when it has validated a website address.
“It’s another layer of protection on top of firewalls and anti-virus software,” Hauri said.
Keith Gottschalk, chief operating officer at Old Second National Bank with 28 branches in the south and west suburbs, said the bank plans to give its customers an alternative solution — a secure, portable USB device that provides “secure tunnel” protection. The device plugs into the computer.
Old Second uses a product called Trusted Access from IronKey, Inc., a Sunnyvale, Calif., company. It isolates online banking activity from the rest of the computer, so even if the computer is infected, the online banking session remains private and secure.
The Aurora-based bank is also experimenting with a fingerprinting identity-verification system for people who cash checks, and closely follows customers’ habits when writing checks, using debit cards and doing on-line and mobile banking.
“The overall fraudulent activity is up 500 percent from five years ago. We employ a security and fraud group who focuses on monitoring for everything,” Gottschalk said.
People also must assume responsibility, especially as mobile banking becomes the “green field” of fraudster activity, said Jacob Jegher, senior analyst at Celent who specializes in fraud and digital banking.
A digital forensics study by viaForensics showed 25 percent of mobile banking apps provided inadequate security.
“We’re in an environment where people can’t play fully dumb — if you do something stupid online, it’s partially your own fault,” Jegher said.
Yet banks must improve their efforts to educate people.
One bank that flubbed is HSBC, which infuriated some of its online banking customers when it offered credit-card-sized security keys that customers found annoying and didn’t want to have to carry in their wallets, according to Jegher and media reports.
Michelle Perry, a customer service representative who lives in Bolingbrook, had to complain to the Better Business Bureau when her former bank failed to recognize a deposit she had made and instead charged her a $35 late fee for failing to cover two pending charges.
“I checked the bank’s automated system to make sure the deposit was credited,” said Perry, a 32-year-old mother of two children. “It caused so much stress. That $35 would have almost paid for a full tank of gas.”
Perry switched banks and got the penalty refunded.
Her experience shows how serious it is for banks to get smarter about making security easy to use and earning trust in the process, Jegher said.