Online banking is a nice convenience for many of us. However, PC World rightfully asks, “Does Online Banking Put Your Money at Risk?”.
Online Banking is a risk, but there’s a lot YOU can do to protect yourself.
PC World writes For users trying to assess the security of an online transaction–banking or otherwise–the Public Key Infrastructure group, an industry association that deals with card security, recommends users look at five aspects of the transaction: customer authentication, customer authorization and privacy, security of the purchase data, and nonrepudiation (meaning a customer cannot deny their actions after they click the “buy” button).
Authentication (are the parties to a transaction who they claim to be?) and authorization (does each party have the authority to perform the actions?) can pose major problems for individuals. How can customers be sure they have reached a legitimate bank Web site? And how can the bank make sure the person logging in to your account is really you?
One interesting concept that might partly solve this problem is called “shared secrets.” You send a file to the bank, perhaps a photo of your kids. When you log in to the bank Web site, that picture is displayed. If you don’t see the picture, you know you’ve reached the wrong site. The problem, of course, is that you have to type in your user ID and password before seeing the picture. While this verifies the bank’s Web site to you, the bank must still make sure it’s really you on the other end of the transaction.
To be effective this solution requires a second layer of security. Gartner’s Adrian suggests that the customer be required to click on a predetermined area of the picture. Even better, the customer could be required to click on a sequence of areas in a specified order. For example, if you uploaded a photo of your dog, you would click on his nose and then his mouth. Some banks are also looking into using so-called two-factor authentication, where you have to enter two passwords to log on: Your own password, and a “throwaway” password on a scratch-off card the bank sends you in your monthly statement. After you’ve used the throwaway password, you (or a data thief) can never use it again.