This article marks the first in a series on the fundamentals of Internet banking. This series will include articles on customer service, Web site navigation, online statements, password protection, and more. For those of you who are new to the field, they are designed to be instructional. For the majority of our readers who are already online banking experts, they are designed as reviews to compare against your own operations. For this series, we will also bring in outside experts to write about their specific areas of expertise. Please let us know what you would like to see in future articles.

Table 1
Scorecard: Online Consumer Security Center

value to the bank

Every prospect for online banking has some level of concern about security and privacy. The issue must be addressed frequently and in great detail. PayPal’s online Security Center is a step in the right direction  but could be improved with more advice and monitoring tools.

Don’t think of your online security center as merely fluff to reassure overly paranoid customers. The thieves are innovative and persistent. By enlisting end users in your fight against fraud, you have a very real opportunity to improve your bank’s bottom line. Bigger banks, more likely to be targeted by crooks, are especially vulnerable to substantial fraud losses, not to mention the PR damage from a successful scam.

PayPal, which in 2000 lost $11 million to fraud, more than half its total revenues, covers much of the important ground in its Security Center, for example:

•          don’t use a password previously used at other Webs
•          never give your password to someone claiming to be a company representative
•          never log into the site using a link from an email message¹
•          verify the secure server connection
•          before purchasing online, investigate the seller’s reputation at eBay and PayPal

Banks should cover even more ground, for example:

•          ask customers to report any unsolicited email claiming to be from the bank2
•          add third-party endorsements/linkages from FDIC, VeriSign, TRUSTe, Better Business Bureau, etc.
•          help customers track their credit bureau information

For many more ideas,  Security Concerns as a Marketing Tool: Leveraging FUD (fear, uncertainty, and doubt)

¹Last year, someone successfully spoofed PayPal by creating a phony site with a look-alike name, paypai.com, that looks exactly like PayPal in a text-based email . Any company with an "i" or "l" in their URL can avoid this particular problem by registering the misspelled URL.

²We believe large banks are vulnerable to spam attacks, where a thief sends an email to several million people claiming to be an executive from BigBank.com. In the message, the bank exec would request that users log in to their accounts to verify security settings. The link in the email would take users to a spoofed BigBank.com Web site where users could login and unknowingly hand over their usernames and passwords.

PayPal’s Security Center is well organized with five subjects in the General area and three subjects each in the For Sellers and For Buyers areas.

 PayPal General Security Tips:

Passwords:

• Never, ever share your PayPal password with anyone. Never, ever share your PayPal password with anyone. PayPal representatives will NEVER ask you for your Password. If you believe someone else has gotten access to your password, please change it immediately and Contact Us.
• Select a password that is easy to remember, but hard to figure out. One good way to create a secure password is to choose a phrase of two or three words and add a 2 or 3 digit number to the end of the phrase. Avoid choosing obvious words or dates such as a nickname or birthdate. It is always a good idea to mix numbers with letters when choosing your password.
• Don't use the same password you use for AOL, eBay, MSN, Yahoo, or other online services. Using the same password for multiple websites makes it easy for thieves to access your personal information.

Secure Websites:

Whenever entering sensitive personal information (such as checking account or credit card numbers) onto any website, make sure that the website encrypts the information you send to, and receive from, the site. When you log into your PayPal account, you will always be on a secure website. You can check if the website you are using has this type of security in two ways:

• Check to make sure the URL begins with "https" rather than "http"
• Look for a lock icon on the bottom left or bottom right of your browser,
  which should look like this:
  

Email Security:

If you receive an email and are unsure whether it is from PayPal, come directly to the PayPal site at www.paypal.com  Don't click on any link in an email that seems suspicious to you. These security measures will help ensure that you are logging into PayPal. The only site you should ever type your username and password into is at www.paypal.com