In an effort to improve the safety of online banking for its customers, KeyBank recently began piloting an e-mail certification service from Mountain View, Calif.-based Goodmail Systems. The service provides the bank's e-mail recipients with an extra level of security against phishing and other e-mail fraud, according to Daniel Tyrpak, channel manager of Cleveland-based KeyBank ($88.9 billion in assets). "We're always looking for ways to minimize phishing and its impact on our clients," he relates.
Initially, to combat online attacks, KeyBank tried to educate its customers on how to spot phishing attempts. The bank even established a dedicated phone line and e-mail address for its customers to report phishing attempts. "We placed a lot of emphasis on communication," Tyrpak says. Although KeyBank experienced success with its educational efforts, it decided to take its e-mail security to the next level, he explains. "We've had our fair share of phishing [attacks]," concedes Tyrpak.
KeyBank became aware of Goodmail's services when the bank's e-mail platform provider, Redwood City, Calif.-based Responsys, partnered with Goodmail to provide Responsys' customers with additional security. "Goodmail's CertifiedEmail is an important step toward providing a safeguard against fraud and gives our customers increased deliverability," said Heather Palmer Goff, director of ISP relations and deliverability for Responsys, in a release.
In June, KeyBank began a pilot program of Goodmail's CertifiedEmail Charter Sender Program, which encrypts the bank's outgoing e-mails with a secure token that must be detected by recipients' Internet service providers before the messages are delivered. To help consumers distinguish between real and fraudulent e-mails, authenticated e-mail messages are marked with a trust symbol indicating that the messages legitimately are from KeyBank.
A May online survey from the National Cyber Security Alliance of 1,055 adults shows just how hard it can be for consumers to recognize when they are being phished. In the study, 87 percent of consumers polled said they were confident they could recognize fraudulent e-mails, yet 61 percent failed to identify a legitimate e-mail. Most respondents categorized all e-mails in the study as fake, even though one was legitimate.
Testing the Water
Currently, Goodmail has relationships with AOL and Yahoo!, and has plans to increase the number of ISP partnerships, according to John Ouren, SVP of sales and business development for Goodmail. Consequently, the KeyBank pilot includes customers who use AOL and Yahoo!, which comprises about 38 percent of the bank's online customers.
The pilot program will begin with certified e-mails containing customer statements, Tyrpak relates, and will be expanded to include e-mails for transactional programs. The pilot will last three to six months. After that time, the bank will evaluate how many more ISPs have signed on to Goodmail's program to decide the bank's next step.
At the conclusion of the pilot, according to Tyrpak, the bank will evaluate the success of the CertifiedEmail program based on factors such as delivery rates, open rates, customer surveys and client feedback. "The test will show if this new service will help distinguish authentic communications from fraudulent scams and provide an extra layer of security," he says. * --Nancy Feig
World Wide Fears
In an online survey of 1,055 adults by the National Cyber Security Alliance (Washington, D.C.) consumers were asked to identify their fears regarding online transactions.
|Percent of respondents|
|Giving your information to a fake Web site||68 percent|
|Having a hacker steal your financial information||66 percent|
|Having someone steal your bank account information while conducting business with a reputable Web site||65 percent|
|Concerns about viruses and malware||62 percent|
Multiple responses allowed.
Source: The Online Fraud Report, The National Cyber Security Alliance and Bank of America, May 2006