Wednesday, August 29, 2007

Online security - fix the source of the problem

Randy Janinda responded to my post from a while back, Citibank Hardware Tokens Defeated... at the exact time that Bank Systems & Technology talks about how Bank of America is attacking the weakest link in online security - users' desktops:

Recognizing that defenses are only as strong as the weakest link, Bank of America has moved to shore up an area that largely is beyond its control: customers' desktops. In a move experts say is a step in the right direction toward improving online banking security, the Charlotte, N.C.-based bank announced a partnership with Symantec (Cupertino, Calif.) in which the bank will offer the security solutions provider's software to online banking customers.

This is certainly a step forward, although it cynically just looks like a great marketing ploy by Symantec at this point (just another channel for promoting a 90-day free trial). And to Randy's point it does not address the hardest point to protect against - phishing - and fooling people into handing over their authentication. How can banks help customers protect themselves so that they don't have to jump through hoops to detect scamming websites? In an environment where software can be installed on a customer's PC, like BoA is trying to do with Norton, there must be software that can reinforce the browser against phishing attacks. This may have to be the next thing that BoA offers.

A post from the Improving New Account Opening blog


Anonymous said...

Just a quick note - BofA does offer an Earthlink Anti-Phishing toolbar, and the Symantec product also has a built-in toolbar for anti-phishing as well.

Phil Ayres said...

Really? I'd never have guessed, looking at their website (I'm a customer, so I'm sure I ignore most of the information on there anyway). They do have nice, readable information on many threats, including phishing.

Looking around, there is a link to the Bank of America toolbar. Shame it's not linked from the other information.

Thanks for bringing it to my attention. Now I just need BoA to officially support Firefox as a browser.

Don't get me wrong, I think that it's a good thing that BoA is putting effort into helping customers stay secure. In my opinion they have a great online service as well. It feels like they need to enforce the use of things like the toolbar, since many customers will just not take the time to download, install and understand them otherwise. Or at least make you sign off on the risk each time you use the site if you choose not to use the available free tools.

Maybe a little too aggressive!