The two scams most often credited with causing so much fear of online banking are phishing and pharming. In a phishing attack, you are tricked into divulging your password, user name, or other confidential data after receiving an e-mail that purports to originate from your bank or credit card company. The message steers you to a fake Web site under the pretense of having you update your security information. Once the sensitive data is obtained, your money is there for the taking.

Pharming works much in the same way as phishing, except that e-mail is now out of the picture. In a pharming attack, your Web browser is hijacked so that you are diverted to a false site when you attempt to visit your bank. Unaware of anything out of the ordinary, you divulge your password and user name to criminals.

While banks might be reluctant to share hard data on the actual number of cases of online financial fraud, they are clearly responding to the growing threat by stepping up the security of their logon systems and strengthening their risk-monitoring technology. But, according to Avivah Litan, an analyst at research firm Gartner, it is "too early to tell" how the criminals will respond to the new security systems.

Better Authentication

In the U.S., the federal government has given banks until the end of the year to install better online-security measures. Some companies, such as Bank of America and E*Trade, have gotten a head start by introducing new authentication technologies to complement the traditional user name and password required for accessing online services.

These new technologies, called "two-factor authentication," combine something you have, such as a hardware device or a software application, with something you know, such as a password.

Bank of America's new authentication system, called SiteKey, was developed by PassMark Security of Menlo Park, California. It is designed to prevent account holders from falling prey to phishing sites. It does this by asking you to select an image and a phrase that only you know. If this image and phrase are not displayed on the Bank of America Web site when you log in, then you know the site is fraudulent. (continued...)

1  |  2  |  3  |  4  |  Next Page >