TraceSecurity

Bank of America Toughens Web Security

Associated Press, 07/13/2005

Bank of America Corp. is rolling out a new security system aimed at thwarting efforts by online crooks to access its customers' accounts. Passwords will no longer be enough.

With SiteKey, bank customers pick three challenge questions - things only the customer would know, such as the year and model of the customer's first car - and provide them with the traditional password to log on.

Customers can also verify they are indeed at Bank of America's Web site by clicking on a SiteKey button. If they fail to see a secret image and phrase they had chosen earlier, they could be at a fake Web site and the target of a "phishing" scam.

Bank of America is rolling out SiteKey this week in Virginia, Maryland and Washington, D.C., following a launch in Tennessee last month. It should be available nationwide by the fall.

The service will be free.

Although SiteKey wouldn't have prevented recent high-profile security breaches, it shows how seriously the bank considers security, said Jim Stickley of TraceSecurity Inc., a computer security company not involved with SiteKey.

Because so many Web sites now require passwords, many Internet users have become careless and create easy-to-remember passwords that tend to be easy to guess.

So U.S. banks and Internet services are beginning to embrace a second ID - in this case, the challenge questions - taking an approach already common in Scandinavia, Brazil, Singapore and selected countries.

http://www.forbes.com/infoimaging/feeds/ap/2005/07/13/ap2137868.html