Safe to Pay Bills Over the Internet?

Wade through all those television commercials and written notices from banks and credit card companies, not to mention utilities and cable bills, and it seems as though the best way to pay any bill is over the Internet. Simple, fast, no envelopes to lick, and no stamps to buy. All free! Sounds good, eh? But, how safe is Internet bill paying anyway?

John Jordan, who is executive director of the eBusiness Research Center at Penn State's Smeal College of Business, in University Park, Pennsylvania, says that there are simply too many ways that things can go south. He specifically points out that thieves are indeed quite proficient at overriding all the fancy technology that banks have in place in order to access your account. And, he doesn't mind mentioning that online crime is now a multi-billion-dollar business. That's billions, I say, billions!

"You hop, they take two hops. You hop again, they take two more," says Jordan. "So far, the bad guys are ahead."

So what are the specific ways that these baddies can get to your money?

1. Using a fake Web page that looks identical to your bank's Web site to intercept information that you think you are giving to your bank.

2. Installing software onto your computer (without your knowledge) that records every keystroke made on the machine.

3. Faking e-mails that are specifically crafted to look as if your own financial institution is requesting your personal information. Called "phishing," this scam stole about $929 million from 1.2 million U.S. consumers from May 2004 to May 2005, according to Gartner, a technology research company in Stamford, Conn.

In addition to having your pocket picked, other dangers of online banking include identity theft, damage to your credit rating, and the mountain of paperwork involved in straightening out the ensuing mess.

"Every time banks make online bill-paying easier to use, they may be making it easier to break into," says Jordan.

In any event, banks today are in a scrambling mode to build security into their own systems so that nobody but the customer can touch the money. However, according to Jordan, the root of the problem has to do with authentication--meaning the ways that banks verify an identity. In the online community, banks use only one way to authenticate identity, instead of the two ways employed in every other transaction arena.

Jordan explains that people prove their identity in three basic ways: something they know, such as a password or PIN number; something they have, such as an ATM card; or something they are, such as a fingerprint or photo ID. Most transactions, he notes, involve two of these methods. To take money out of an ATM machine, you provide the bankcard and a PIN number. But online banking generally uses only one way to verify identity.

"Banks are trying to figure out a second factor of authentication," says Jordan. "They have to do it soon, since the federal government wants to see greater security in electronic banking by the end of 2006."

It should be noted that last October, the Federal Financial Institutions Examination Council released new guidelines to banks, declaring that the single-factor method of verifying identity for online banking falls short and urging them to better protect consumers' money and identities.

Banks can offer further security in many different ways, notes Jordan. They can use a "shared secret" method, in which customers send their bank a picture of their dog, and then are asked to identify their dog from a canine lineup whenever they want account access (I kid you not!). Or, banks may provide battery-operated identification cards that automatically issue a new, unique pass-code to their online banking Web site every 30 to 60 seconds. Or, you might have to use your fingerprint to log in to your account. "A fingerprint-reader device generates a unique multi-digit secure number that can't be hacked," says Jordan.

One thing is certain. Banks must find solutions to these mounting problems because a lack of consumer trust threatens online banking and e-commerce itself. As Jordan concludes, "If you lose trust in the instrument of money, then there is no money because money is a trust system."
