News

Regulators push banks to improve online security

January 16, 2012

According to a report in the New York Times, the Federal Deposit Insurance Corporation wants financial institutions to add a new security layer that detects unusual patterns of online activity — such as a volley of transfers to an account in Russia — in real time, starting this month. However, the Financial Times reported that a poll by a bank technology firm in November suggested that 40 percent of banks weren’t even aware that regulators want them to adopt new measures.

The recommendation is in response to an FDIC report that banks and online customers lost more than $2 billion in 2010 from payment card scams, fraudulent wire transfers and other Internet swindles. Though losses are down from a peak of $8 billion in 2006 due to fraud prevention measures, regulators have decided that current security systems based on passwords, tokens and cookies still aren’t strong enough.

With 62 percent of Americans (including 55 percent of those 55 and older) now preferring to do their banking online rather than at a branch or ATM, the pool of possible victims has increased. And while regulations limit losses for individual victims of a cyberstrike to $500, businesses are not covered, and small companies are especially vulnerable because they move more cash around than individuals do and they cannot afford high-technology defenses.

If the new safety guidelines from the FDIC fail to stem the tide of online fraud, regulators have suggested additional possible measures: Banks could require customers to authorize transactions through two devices, like a computer and a phone; they could limit the size or number of transactions allowed; and they could block connection to bank servers from unknown or suspect Internet addresses.