Bank of America is rolling out new security features to protect online-banking customers from scam artists.
Called SiteKey, the new technology started being deployed this week in Tennessee, the nation's second largest bank said Tuesday. Online-banking customers nationwide should have the option by the fall of using the additional security.
SiteKey, which is based on authentication technology from PassMark Security Inc., targets crooks who use techniques called "phishing" and "pharming" to steal IDs, passwords and other personal information from online shoppers and banking customers.
Phishers use bogus emails to lure recipients to a fake online banking or merchant sites to steal personal information. Pharming, on the other hand, involves the use of more sophisticated technology that subverts some part of the Internet infrastructure.
In the latter scam, malicious code is often placed on vulnerable domain name systems, which then direct traffic to fraudulent websites. A DNS takes the domain name typed into a browser and uses it to locate the site on the Internet.
To help prevent customers from becoming victims, Bank of America has added another layer of authentication, beyond a user ID and password. People signing up for SiteKey would choose an image, a phrase and three challenge questions.
If customers are logging on the BofA site from their home computers, then they will only be shown the picture and phrase before being given access to their account. If they're using a different computer, then they also will be asked the challenge questions.
The image and phrase shows the customer that they are entering a legitimate BofA site, bank spokeswoman Betty Riess said. The challenge questions tell the bank the person entering the site is a legitimate customer.
The Charlotte, N.C., bank has a "zero-liability guarantee" that protects online customers against losses due to unauthorized access to their accounts, Riess said. With the increase in phishing and pharming, however, the bank felt it needed to offer more.
"We wanted to go beyond (the guarantee)," Riess said.
While it doesn't release figures on the impact of Internet fraud on the bank or its customers, BofA has seen strong growth in online banking, Riess said. The number of customers has grown to 13.2 million as of the end of April, compared with 8.3 million the same month a year ago. However, less than half of those customers pay their bills online
Research has shown that better security could entice consumers to use online banking more.
In a survey conducted of 5,000 consumers last year, research firm Gartner found that 3 out of 5 who make online transactions said they would buy, invest or keep more money online with service providers who offered additional security, such as challenge-response options. In addition, the respondents also said they didn't mind if beefed up security slowed down the transaction.
The growing number of con artists justifies consumers' fear of becoming victims of Internet fraud. The number of phishing sites in April was 2,854, representing a 15 percent average monthly growth rate since July 2004, according to the Anti-Phishing Working Group.