New security measures at the Cambridge Savings Bank

["Richard M. Smith" <rms () computerbytesman com>]

Hi,

A friend just forwarded me the attached email message from the Cambridge
Savings Bank of Massachusetts about a new security program that they plan to
roll out soon.  The email seems to be legit, but sending out email messages
about online banking security is a bit odd since this is how most phishing
scams operate.

This new security measure apparently works the same as this scheme:

   http://www.nassaued.org/security.html

To log onto a bank account, one still uses a username and password.
However, the computer must also have a special "security" cookie set on the
computer.  This cookie gets generated by the bank's Web site after someone
answers a number of "secret" questions about their account.  An account can
also be locked down to only work on one particular computer.  I'm not sure
what happens if someone clears out their browser cookies.

I suspect there is some company out their that has a patent of this
technology and they are peddling to the smaller banks to meet upcoming FDIC
mandates.

What do folks think about this idea? 

Richard M. Smith
http://www.ComputerBytesMan.com

-------- Original Message --------
Subject:        CSB Enhanced Online Banking Security
Date:   Tue, 31 Oct 2006 09:46:15 -0800
From:   info () cambridgesavings com
Reply-To:       info () cambridgesavings com
To:     

Dear CSB WebBank User:

Your online security has always been a top priority.  As identity theft
and fraud continue to make headlines nationwide, we'll be upgrading CSB
WebBank with a new security service during the week of November 6, 2006
to further help protect you from identity theft and fraud.

Introducing Enhanced Login Security (ELS)
ELS is a new, free and easy way to help prevent fraud.  ELS strengthens
security at login by adding an additional authentication factor beyond
the User Name and Password that you use today.  ELS is a browser-based
secure cookie with an individualized credential (ID) stored on your
computer.  This ID serves as the second factor in addition to your User
Name and Password.

This additional security technology allows us to verify you as the "true
owner" of the WebBank accounts from whatever computer you're using for
CSB WebBank, whether you're at home, at the office, or on the go.  Your
WebBank accounts are protected from unauthorized access, providing you
with peace of mind.

We will send you a second email during the week of November 6th with
in-depth instructions on how to utilize ELS.

If you have any questions, please call us at 888-418-5626.  Thank you
for banking with Cambridge Savings Bank.



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.