Bank of America (BofA) has decided to go the extra mile in the
fight against online crime with the introduction of SafePass, a
two-factor authentication system that can be used by customers as
an additional optional security feature in conjunction with its
existing online security system, SiteKey.
BofA explained that SafePass is a free service that delivers a
one-time-use six-digit code as a text message to consumers’ mobile
devices that they can use to authorise sensitive online
transactions. As an additional security measure, the code expires
as soon as it is used or within ten minutes after it is
issued.
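
The expiry and single-use rules described above can be enforced on the server side as follows. This is an added example, not Bank of America's implementation, which the article does not describe; the class name, the return strings and the three-guess cap are assumptions made for illustration.

```python
import hmac
import secrets

CODE_TTL_SECONDS = 10 * 60   # article: code expires within ten minutes of issue
MAX_ATTEMPTS = 3             # assumption, not from the article: cap guesses per code


class OneTimeCodeStore:
    """Hypothetical in-memory store holding one outstanding code per customer."""

    def __init__(self, clock):
        self._clock = clock   # callable returning seconds; injectable for testing
        self._pending = {}    # customer_id -> [code, issued_at, failed_attempts]

    def issue(self, customer_id):
        # Use a CSPRNG and zero-pad so the code is always six digits.
        code = f"{secrets.randbelow(10**6):06d}"
        # Issuing a new code replaces (invalidates) any earlier one.
        self._pending[customer_id] = [code, self._clock(), 0]
        return code           # in a real service this is sent as a text message

    def verify(self, customer_id, submitted):
        entry = self._pending.get(customer_id)
        if entry is None:
            return "no_code"
        code, issued_at, _ = entry
        if self._clock() - issued_at > CODE_TTL_SECONDS:
            del self._pending[customer_id]
            return "expired"
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(code.encode(), str(submitted).encode()):
            del self._pending[customer_id]   # single use: consumed on success
            return "ok"
        entry[2] += 1
        if entry[2] >= MAX_ATTEMPTS:
            del self._pending[customer_id]   # burn the code after repeated misses
            return "locked"
        return "wrong"
```

A six-digit code has only one million possible values, which is why the example burns the code after a small number of wrong guesses.
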
BofA is also piloting the SafePass card, which will generate a
one-time code when the customer presses a button embedded in the
card. The wallet-sized SafePass card will be released later this
year to online brokerage clients of Bank of America Investment
Services and in 2008 will be made available to consumers and small
business customers as an optional feature that can be used in
place of or in addition to the mobile phone option.
“Combined with SiteKey, SafePass provides online customers with a
much greater level of security,” said Lance Drummond, e-commerce
executive for BofA.
The largest bank in the US, BofA also boasts the largest active US
online banking customer base – 22.2 million as at 30 June 2007. Of
these, 11.6 million are active bill-pay users and paid $56.3
billion worth of bills in the second quarter of 2007.
SiteKey was developed by software vendor Netcraft, now part of
online security company RSA, a unit of US technology group
EMC.
Defence against phishing
When BofA adopted SiteKey in June 2005 it became the first major US
bank to introduce an extra level of protection for online banking
that went beyond the traditional user name/password login process.
In essence, SiteKey is an anti-phishing security service that
includes an image, a brief phrase and three challenge questions
that help customers confirm that they are at the legitimate bank
website and help the bank verify customers’ identity.
Phishing is the creation of a bogus website that replicates that of
a legitimate bank or other online service provider in a bid to lure
people into disclosing sensitive information such as bank account
numbers.
However, SiteKey has come in for criticism from security technology
experts. Among them, Avivah Litan, an analyst at research company
Gartner, noted in late 2006: “Bank of America’s SiteKey system
fosters consumer confidence but cannot be wholly relied on to
effectively reduce fraud.”
An in-depth research study conducted by US research institute the
Massachusetts Institute of Technology (MIT) Computer Science and
Artificial Intelligence Laboratory into the effectiveness of
leading security toolbars, including Netcraft’s SiteKey, came to a
similar conclusion. When subjected to simulated phishing attacks,
“all failed to prevent users from being spoofed [fooled] by
high-quality phishing attacks”, the MIT researchers revealed.
The primary susceptibility of the security systems identified was
man-in-the-middle phishing attacks. Software development industry
body the Business Software Alliance explained that in these attacks
a fraudster funnels communication between a consumer and a
legitimate organisation through a fake website.
In such situations, neither the consumer nor the organisation is
aware that the communication is being illegally monitored. The
criminal is, in effect, in the middle of a transaction between the
consumer and his or her bank, credit card company or
retailer.