Last updated July 15, 2008

Home
Personal
Contact
Biography
Resume
Family
Credits
Magazines
Newspapers
Wire Services
Clips
Most Recent
Wall Street
Banking
Payments
Consumer
Investing
Energy
Technology
Security
Web Services
Journalism
Politics
Russia
War
Blog
Books
Media
Advice
 

Security as a Selling Point

By Maria Trombly | Securities Industry News | April 5, 2006

In January, E-Trade Financial Corp. did something that no other brokerage had done: It promised to cover all customer losses due to online fraud. Charles Schwab & Co.  followed suit in February, putting these firms in the vanguard of trying to raise customers' comfort level with an added layer of security technology.

Extending such a guarantee could carry enormous risks, but New York-based E-Trade saw reward in it. Last year it offered in retail quantities a device familiar in many wholesale and back-office financial industry applications: the SecureID password token from RSA Security of Bedford, Mass. The token generates single-use passwords that constitute the second element in so-called two-factor authentication. To steal a customer's account or identity, a thief would have to know not only the conventional log-in and password, but would also have to possess the token.

Today, E-Trade has more than $700 million in customer accounts under SecureID protection. But the token program was voluntary, and the guarantee applies to everyone, whether they use a token or not. So in March, E-Trade took the program up a notch, extending two-factor authentication to all customers.

The second factor doesn't have to be a piece of hardware. A telephone call, a question about one's credit history or a downloaded piece of software could serve a similar purpose. Two-factor is looking more and more like the wave of the future. Last fall, the Federal Financial Institutions Examination Council (FFIEC), an umbrella group of U.S. depository institution regulators, issued a guidance document, "Authentication in an Internet Banking Environment," that set forth the principle that security measures should be appropriate to the risk. It did not mandate any specific action, but it is having the effect of raising an entire industry's security bar, and not just in traditional banking.

Additional reporting from Maria Trombly will appear in a special report on information security in the April 10 issue of Securities Industry News.
 

Maria Trombly can be reached at 011-86-21-6387-7243 or by email at maria@trombly.com