Phishing for a Solution: Secure Online Banking

How safe is your financial information? Security concerns are a serious deterrent to the growth of online banking. Multi-factor authentication is one solution that’s gaining popularity.


Identity theft has become a serious problem for all financial institutions, and the security of online banking is a big concern for credit union members. Innovative credit unions are increasingly looking to multi-factor authentication to safeguard their members and promote confidence in the online banking channel.

According to the Javelin Group, roughly 9.3 million Americans were victims of identity theft in 2004. The Anti-Phishing Working Group estimates that the number of phishing sites grew at an average monthly rate of 15 percent in the past year. Personal financial information can be stolen from a variety of sources, but the virtual nature of the Internet makes online banking a popular playground for would be thieves.

ID theft presents a significant challenge to credit unions as attackers are beginning to concentrate on smaller financial institutions. In order to decrease account hijacking and identity theft, the FDIC has recommended all financial institutions adopt at least a two-factor authentication system. A growing number of credit unions have started to take the advice.

What is multi-factor authentication?

Multi-factor authentication is a security strategy that employs more than one way to authenticate users. Traditionally there has only been one level of authentication for online banking: the user name and password. While important, this level of security is no longer sufficient as passwords can be compromised by phishing or other online attacks.

There are a variety of options for adding additional authentication levels. Challenge questions, which ask specific user information such as the name of a pet or hometown, are one simple addition that can be used to supplement the traditional username and password. Other more secure solutions include software that identifies and authenticates users' computers and IP addresses, keystroke dynamics which identify users' individual typing habits, and secret images unique to each user, which are displayed only when a user logs in to their financial institution's official website.

Security concerns are the biggest deterrent to online banking growth. According to an Ipsos Insight study released in August 2005, 73 percent of respondents cited fear of personal information theft as a deterrent to online banking. Given the tremendous cost savings associated with online banking, credit unions must increase online security if they are to remain competitive.