With so much online fraud aimed at users of Web-based banking and brokerage sites, experts have long postulated that financial services providers would eventually play a bigger role in helping end users defend themselves, such as via offering advanced security features and anti-malware tools directly to customers versus relying on end users alone to protect their own devices.
However, as many of these companies have attempted to foster such programs over the years, as in the distribution of two-factor authentication tokens and the like to their customers, users have frequented rebelled in the name of keeping their online interactions as straightforward as possible, instead of embracing the extra devices or passwords they’ve been asked to use to go about their e-business.
In fact, some experts have maintained that the more virtual levers that banks and other companies force their users to throw in order to get into their online accounts, the more likely those customers are to simply to move to another service provider whose systems aren’t as onerous to use.
At the same time, attacks including Trojans and Web-based drive-bys targeting e-banking and trading applications have only continued to become more ubiquitous and sophisticated.
Now, some proponents of the provider-driven anti-malware model contend that the time has actually come for the concept to take off, based both on the sheer amounts of money, and customers, that banks are losing at the hands of cyber-crime.
With the towering costs of customer churn and people returning to paper-based accounts staring them in the face, these organizations are looking for new ways to solve the problem, claims Michael Stanfield, CEO of Virginia-based Intersections, a vendor of so-called identity risk management solutions.
In addition to the continued proliferation of threats, the arrival of more effective anti-fraud tools, such as those sold by Intersections, is driving more widespread adoption of the systems among banks and trading companies, he said.
To note, 90 percent of the company’s current business is coming from white-label OEM deals with big name banks including Bank of America, CapitalOne and CitiBank, the executive said.
“The perception that integrating more expansive security features into their services will actually cost them business has led some of these providers to hesitate to be more proactive, but in the next two or three years I think we’re doing to see a dramatic shift as these companies simply can no longer afford the levels of fraud and customer turnover that they’ve seen over the last few years,” Stanfield said.
And unlike more intrusive solutions, such as two-factor key fobs and other multi-password log-ons, which many customers have repelled, technologies like Intersections’ PrivacyProtect session encryption software – which silently encrypts every keystroke that a use makes after they have logged into their e-banking accounts – are the types of tools that both service providers and end users will embrace, according to the executive.
Also diminished will be the notion that banks will seek to make money by selling AV tools and anti-fraud systems to customers, as the motivation to hold onto as much business as possible has become a big enough driver to motivate these organizations to shell out for the technologies on their own, he said.
“Unfortunately for the banks, the more they’ve tried to force customers to use features or buy tools to improve security, the more they’ve turned customers off,” said Stanfield. “But criminals are moving so quickly to figure out new ways to steal accounts and defeat existing protections that these companies are looking for newer ways to defend their customers and their profits.”
In addition to encrypting keystrokes to protect against Trojans, PrivacyProtect and some other newer applications also fingerprint end users’ devices such that even if their authentication credentials are stolen, it will still be nearly impossible for someone else to access their accounts, especially from halfway around the globe.
In addition to PrivacyProtect, Intersections is also marketing a solution dubbed Identity Guard Total Protection, which promises to allow end users to better manage and monitor personal information such as credit card data, as well as secure their passwords and user ids as they navigate online – and protect their computers from malware attacks. As an added safeguard, the product also provides identity theft recovery services and financial reimbursement insurance to customers in the event of an identity theft.
“The ideal scenario for everyone is when both the banks and end users are actively involved in the process of securing their information; that’s been evident for some time, but the tools to support that relationship have evolved to make it practical,” said Stanfield.
Of course, his company is hoping to cash in on that trend.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.