Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Management Strategies

11:14 PM
Ivan Schneider
Ivan Schneider
Commentary
50%
50%

A Token Effort

Over the years, banks have taken numerous steps to increase personal security in the ATM lobby.

Over the years, banks have taken numerous steps to increase personal security in the ATM lobby. First, to get in, you need to swipe a card or have someone hold the door for you. Then, in a canny move designed to cut down on extraneous traffic, the banks have removed all of the ink from the courtesy pens attached to the fixtures. Finally, they've installed rearview mirrors on the ATMs to give you a moment's warning that you're about to be robbed.

Alas, these security procedures fall short when it comes to protecting the Internet banking user. Last month, I wrote about an online identity theft victim who sued her credit card company for not adequately counseling her about notifying the credit bureaus. On the heels of that comes another case, reported in InformationWeek, about a Miami businessman who claims that he lost $90,000 to thieves who used a "Trojan Horse" computer virus to steal the password to his Bank of America business banking account.

The unhappy victim has sued the bank for negligence and breach of contract. But unless his contract mentioned at-home tech support, it's unlikely that Bank of America will have to make restitution. If it's impractical to expect that banks can keep all non-customers out of their ATM lobbies, then neither should banks have sole responsibility for keeping their customers' computers free from viruses and spyware. That's Bill Gates' job.

Nevertheless, the banking industry can do more. With Internet banking, our homes and offices have become the equivalent of ATM lobbies - minus the consistent security measures.

Maybe banks could issue "rearview mirrors" for customers' computers that show a picture of a computer hacker.

Or, a major U.S. bank could be the first to issue token devices that generate one-time passwords for the widespread use of consumers and business customers alike. Although doing so would be a tacit admission of the failure of the current level of information security, the alternative may be a crisis in public confidence in the Internet banking channel. The lawyers won't be able to help if that happens.

Register for Bank Systems & Technology Newsletters
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.