Banks and other financial institutions should adopt stronger authentication measures, such as security tokens and smart cards, if they want to increase customer satisfaction with Internet banking, according to a panel of industry analysts. The panel -- which was comprised of security advisers from Yankee Group, TowerGroup and Gartner -- was made available recently on a media call arranged by RSA, the Bedford, Mass.-based security division of EMC.
While actual losses associated with ID theft have dropped by 12 percent in recent months, according to one recent report, and banks are quick to refund consumers for any losses due to identity theft, financial institutions should continue to seek ways to make their clients at least "feel safe," the panel recommended. "Perception is very important," said George Tubin, senior analyst with Needham, Mass.-based TowerGroup. "We've already seen the rise of financial fraud via e-mail pushing people back to using physical channels instead of Internet channels."
One failure of e-mail marketing, for example, is due to the barrage of phishing scams that dupe consumers into giving away their bank account information, passwords and private data, Tubin said.
Most banks have implemented some measures to mitigate online financial fraud but still more must be done, according to Ray Wagner, a managing VP at Stamford, Conn.-based Gartner. Associated technologies to safeguard a financial institution's reputation should be based on access control systems such as strong authentications, tokens and smart cards, Wagner noted. Standardizing Web services and federated authentications between different companies are also advised.
"Surveys tell us that consumers are asking for open authentication platforms," Wagner said. "They don't want to be limited to one device. Consumers want several options and they want to be able to authenticate it themselves."
When it comes to corporate data theft, Wagner noted that software that could instantly authenticate a laptop, PC or server when it is attached to a network is currently available. "The policy for network access control should be related to identity policy," he added.
Such policies could have prevented an attack against Framingham, Mass.-based retailer TJX's IT systems that resulted in the theft of TJX customer information late last year. The highly publicized incident involved millions of card accounts across all major payment brands accepted by TJX.
'A Bad Taste'
"It's important for consumers and small businesses to continue to use online services and Internet banking," TowerGroup's Tubin said. "Too many bad experiences put a bad taste in their mouths."
Part of the problem, according to the analysts, is that the architects of online attacks are better equipped than professional virus protection companies. "Online criminals are more adept at trading information," said Andrew Jaquith, a program manager with Boston-based Yankee Group. Compounding the problem, raw materials used in creating malware, Trojan Horses and other online attacks are free, Jaquith noted. "They have found the weak knee on the quarterback and they have gone after it." **
Courtesy of InformationWeek, a CMP Technology property.