By ALAN KONDO, CFP, CLU
The recent revelations about the Heartbleed virus have raised concerns about the security of online transactions and banking. Heartbleed is a bug in some versions of OpenSSL, a set of software tools used widely across the Web for security. This bug may reveal your name, passwords and other private information, and has affected many financial institutions.
As Americans increasingly migrate toward conducting banking and other financial transactions over the Internet, the threat of falling victim to ever-more sophisticated cyber-crimes continues to increase. Financial services companies are keenly aware of the potential security risks posed by online money transfer. That is why the industry as a whole has developed a series of standard security protocols designed to ensure that customers’ assets and personal information are kept safe.
Following is a list of common security features offered by most banks and financial institutions. You can compare these measures with what your own bank, credit card company, and other financial vendors have in place.
Anti-malware software. Anti-malware is a term commonly used to describe various software products used to prevent, detect, block and remove malicious software products that are intended to damage or disable computers or computer systems. Anti-malware software may also be referred to as anti-virus or anti-spyware.
Transaction monitoring/anomaly detection. Network monitoring software has been in use by financial institutions for a number of years. Similar to the way in which the credit card industry detects and blocks fraudulent credit card transactions, systems are now available to monitor online banking activity for suspicious funds transfers. For instance, too many incorrect login attempts will signal the system to lock a user out of their account until positive account verification can be confirmed. Transaction amounts (specifically withdrawals) that fall outside the customer’s normal or pre-established limits are also scrutinized.
Multilayered authentication. Many online banking/financial systems now require multiple layers of user identification, or authentication, that only those authorized can provide. For instance, some authentication protocols verify that the computer or smart phone the customer is using to access the bank’s website. If the device does not match the bank’s records, additional authentication measures, such as one or more challenge questions (your mother’s maiden name, for example), will be presented to the customer. Similarly, a number of institutions are requiring “out of band” authentication, which requires a transaction initiated via one delivery channel (e.g., Internet) to be re-authenticated via a different channel (e.g., telephone) in order for the transaction to be completed.
Firewalls. Firewalls are software- or hardware-based security systems that create a secure barrier between your bank’s internal network, where your information is stored, and the unsecured Internet. The data “traffic” flowing in and out of the bank’s network is monitored and analyzed to determine its legitimacy.
Encryption. Encryption scrambles information being transmitted between your device and the bank’s network into a code that is virtually impossible to decipher, thereby protecting against unauthorized access. Many financial institutions now use 128-bit encryption, an advanced encryption technology.
Customer Education: The Linchpin of Any Security Program
In the final analysis, even the most sophisticated security measures are no substitute for well-informed customers. Toward that end the Federal Financial Institutions Examination Council (FFIEC), a body of the federal government made up of several U.S. financial regulatory agencies, issued guidance suggesting that, at a minimum, a financial institution’s customer education efforts should include¹:
● An explanation of protections provided, and not provided, to account holders relative to electronic funds transfers.
● An explanation of under what, if any, circumstances and through what means the institution may contact a customer on an unsolicited basis and request confidential account-related credentials.
● A list of risk-control measures that customers may consider implementing to mitigate their own risk.
● A list of appropriate contacts for customers to use if they notice suspicious account activity or experience security-related events.
If you visited a website that uses a vulnerable version of OpenSSL during the last two years, your personal information may be compromised. You can use this tool: http://safeweb.norton.com/heartbleed to check if a particular website is currently impacted.
¹ The Federal Financial Institutions Examination Council (FFIEC), “FFIEC Supplement to Authentication in an Internet Banking Environment,” June 29, 2011.
—
The opinions expressed above are solely those of Kondo Wealth Advisors, LLC, (626-449-7783 info@kondowealthadvisors.com) a Registered Investment Advisor in the state of California. Neither Kondo Wealth Advisors, LLC nor its representatives provide legal, tax or accounting advice.