I've been using Bank of America's
So far, that hasn't happened to me. But in light of the recent security breaches at companies such as ChoicePoint
Neither, apparently, does Bank of America. This week, the company announced a new security system for its online site. The system, called SiteKey, is based on technology developed by PassMark Security, a Silicon Valley firm. With SiteKey, users will still have a user ID and a password. But then there are additional safeguards: Users will select an image -- from thousands available -- and write a brief phrase or sentence. In case an unrecognized computer is trying to access your account, there will also be three challenge questions along the lines of "What is the name of your dog?"
What's more, SiteKey will give users a button to press to verify that what they're viewing is the official Bank of America site. The picture and the brief phrase the user selected will show up, if the site is legitimate. This function will protect users from "phishing" scams -- emails that direct people to a fake site that mimics the real thing and then captures the victim's personal information.
This seems, to me, a very effective way to deal with phishing, particularly considering that up until now, the bank had nothing in place to deal with this problem. I believe it would be very difficult to re-create a fake site that would have the exact same picture and phrase.
The bottom line, though, is that log-in protection is just part of a company's security concerns. ChoicePoint's breach, after all, came from employees selling personal information to customers who had illicit motives. So companies need to implement better internal controls as well.
And SiteKey is probably not foolproof. Nothing really is. But it will be free to customers, and it does add an extra security layer that should make things more difficult for criminals. Bank of America will be rolling the service out over the remainder of the year, and when it hits California, I will certainly sign up for it.
Fool contributor Tom Taulli does not own shares mentioned in this article.