Consumers tend to be oblivious to the various layers of security financial institutions utilize to protect their bank accounts. But having a better understanding of what occurs behind the scenes can help consumers adapt to influential new technologies.
The Federal Financial Institutions Examination Council responds to innovations and increases in cybercrime with updated security guidelines for banks and financial institutions. In January of 2012, new rules went into effect requiring banks to protect their consumers with increased security. One of the FFIEC’s key recommendations for eliminating fraud is consumer awareness and education.
Financial institutions have established a layered security approach that includes multi-authentication, which may involve requiring users to punch in a second security code or carry a key fob, as well as doing due diligence when it comes to identifying customers as real people whose identities haven’t been stolen. This defense-in-depth approach is all about assessing risk throughout multiple points on an organization’s website.
These layers of security include:
Device identification: Complex device identification identifies the user’s PC, mobile, or tablet. The next evolution of security is device reputation management, incorporating geolocation, velocity, anomalies, proxy busting, browser language, associations, fraud histories, and time zone differences.
Out-of-wallet questions: “What’s your mother’s maiden name?” “What’s your Social Security Number?” “What are your kids’ names?” or “When were you born?” are examples of typical challenge questions, as opposed to out-of-wallet questions, which are generally opinion-based, such as, “What is your favorite vacation spot?” “What is your favorite flavor of ice cream?” or “What is your favorite book?”
Malware prevention & detection: Many banks offer antivirus, anti-spyware, and anti-phishing tools from well-known security vendors as full suites of total protection products.
You can take comfort in knowing that your bank has systems in place to protect your investments. But you should also bear in mind that your own PC or mobile that might be the weakest link in the process, so be sure to keep your device secure.
Robert Siciliano, personal security expert contributor to Just Ask Gemalto. Disclosures