BUSINESS LIFE | WINTER 2010 EFFECT

Internet Banking Security

by Laura Espeseth

On August 26, 2009, the Federal Deposit Insurance Corporation issued a special alert on an increase in fraud from electronic money transactions, such as automated clearing house and wire transfers. Most of the fraudulent transfers were the result of compromised login credentials to Internet banking accounts—an alarming problem that could lead to an unwanted financial impact.

According to a 2008 survey by the Identity Theft Resource Center, the average consumer victim of identity theft spent $739 dollars in efforts to restore their identity, and the average business victim of identity theft spent $90,107. These costs do not include time, effort, and all the secondary effects that arise. Victims reported spending an average of 58 hours repairing damage done to their identity.

As Web-based banking systems are becoming more sophisticated, Internet criminals are becoming more creative in their efforts to obtain customer’s usernames and passwords. Phishing is one of the most common methods of accessing accounts. Phishing involves sending emails that appear to be from your bank that request information about your account. These emails may also contain a link to a site that looks your bank’s Web site, when in reality it is a fake Web site used to capture your username and password.

Basic password protection

Consumer and business customers can take many actions to help protect their Internet banking identity and guard against fraud, and it starts with good username and password practices.

• Memorize your username and password. Do not keep it written down on or around your workstation. Even if you trust your colleagues at work and family members at home, other people including the cleaning crew, vendors, and customers could comprise your account. If you absolutely must write down your passwords, keep the password in a secure locked place away from your workstation.
• Strengthen your password and change it often. Longer passwords are more secure especially if they incorporate capital letters, numbers, and symbols. Avoid using patterns or sequences (e.g., aabbcc, 12345, etc.) Best practices suggest that passwords should be changed at least quarterly. With what seems like a million passwords to remember this may not seem practical, but the cost and hassle of identity theft are not worth the risk.
• Avoid using automatic login features. These features automatically log you into your banking site by “remembering you on this computer.” Doing so may enable anybody that has access to your workstation to have access to your bank account.
• Fully logout of your account after your banking session is completed. Most Internet banking systems will time-out after a period of inactivity; however, it is recommended that you always officially logout of your account. This will ensure that another user of the workstation cannot gain access to your account.

Best practices

Other important information to consider when protecting against phishing and other fraud schemes include:

• Your financial institution would never need to obtain your online banking information. The bank has your information; never give it to anyone.
• Always type your banking Web address into your Web browser. Never use links from suspicious emails.
• Ensure that your anti-virus software on your computer is up to date.

Despite the fact that our money is at stake, people routinely ignore these basic security principals. Why do we make it easier for criminals to do this when there is so much at risk?

Customer awareness is a key defense against fraud and identity theft. Practice good password habits and be aware of the common phishing techniques designed to target Internet banking customers. Stay current on information security trends through Web sites like www.antiphishing.org. And most important, monitor your accounts closely and report any suspicious activity to your financial institution immediately.