Randy Janinda responded to my post from a while back, Citibank Hardware Tokens Defeated... at the exact time that Bank Systems & Technology talks about how Bank of America is attacking the weakest link in online security, users' desktops:
Recognizing that defenses are only as strong as the weakest link, Bank of America has moved to shore up an area that largely is beyond its control: customers' desktops. In a move experts say is a step in the right direction toward improving online banking security, the Charlotte, N.C.-based bank announced a partnership with Symantec (Cupertino, Calif.) in which the bank will offer the security solutions provider's software to online banking customers.
This is certainly a step forward, although cynically it looks at this point like a great marketing ploy by Symantec (just another channel for promoting a 90-day free trial). And to Randy's point, it does not address the hardest thing to protect against: phishing, which fools people into handing over their authentication credentials. How can banks help customers protect themselves so that they don't have to jump through hoops to detect scam websites? In an environment where software can be installed on a customer's PC, as BoA is trying to do with Norton, there must be software that can reinforce the browser against phishing attacks. This may have to be the next thing that BoA offers.
A post from the Improving New Account Opening blog