As deadline nears, banks toughen Net protections

[David Farber <dave () farber net>]

Begin forwarded message:

From: Dewayne Hendricks <dewayne () warpspeed com>
Date: December 31, 2006 9:02:39 PM EST
To: Dewayne-Net Technology List <dewayne-net () warpspeed com>
Subject: [Dewayne-Net] As deadline nears, banks toughen Net protections
Reply-To: dewayne () warpspeed com

[Note:  This item comes from reader Monty Solomon.  Boy, do I feel a  
lot safer now!  DLH]

From: Monty Solomon <monty () roscom com>
Date: December 30, 2006 10:45:08 PM PST
Subject: As deadline nears, banks toughen Net protections


As deadline nears, banks toughen Net protections

By Hiawatha Bray, Globe Staff  |  December 29, 2006

People who do their online banking with Cambridge Savings Bank will
find it a little harder to log on in the New Year. But bank
executives don't think the customers will mind. It's for their own
good -- and besides, it's the law.

A federal regulation mandating tougher online financial security
measures will take effect Monday. Banks, credit unions, and other
financial institutions must begin using enhanced technologies to
protect customer data against identity theft. Many of the nation's
biggest banks, including Bank of America, have already introduced
"multi factor" authentication systems that go well beyond the
traditional user name and password approach to prevent Internet
fraud. Other smaller banks, which buy their online banking services
from independent contractors, are scrambling to meet the coming
deadline.

Mark Tracy, senior vice president of back technology and operations
at Cambridge Savings, said his company has been testing its new
authentication system for the past two months, with help from
customers who've agreed to try it. "It's been pretty successful so
far," said Tracy. "In January, we'll be making it mandatory."

Cambridge Savings customers will receive a user name and password
when they sign up for the service. In addition, the first time a
customer uses his home or work computer to do some banking, the
machine is given a unique digital "fingerprint" associated with the
customer's password. Whenever he banks with that computer, the bank
software checks his user name, password, and computer fingerprint
before processing the transaction.

If someone tries to log in from a machine that isn't fingerprinted,
the bank will send a confirmation message to the customer's e-mail
address. A crook who's stolen somebody's user name and password
probably won't have access to the victim's e-mail account, so he
can't reply to the message, and won't be allowed to log in.

.....

<http://www.boston.com/business/globe/articles/2006/12/29/ 
as_deadline_nears_banks_toughen_net_protections/>




-------------------------------------------
<HR>
You are subscribed as lists-ip () insecure org<BR>To manage your subscription, go to<BR>  <A 
HREF="http://v2.listbox.com/member/?listname=ip";>http://v2.listbox.com/member/?listname=ip</A><P>Archives at: <A 
HREF="http://www.interesting-people.org/archives/intere
Archives: [LIST_ARCHIVES_URL]
Modify Your Subscription: http://v2.listbox.com/member/?member_id=1788750&user_secret=f2ab41d2
Unsubscribe: http://v2.listbox.com/unsubscribe/?id=1788750-f2ab41d2-x9e5g1in
Powered by Listbox: http://www.listbox.com