
Building a Security & Privacy Zone for Your Site

By Jim Bruene on March 5, 2002 12:51 PM

Basic Features & Functions

With security and privacy top-of-mind with most online financial services users, you need a high-profile effort to address those concerns. The security zone educates users on typical safeguards, consumer protection, and steps to take to maintain tight security and privacy.

You should make basic information freely available to all Web visitors. However, premium services should be reserved for paying customers.

1. Privacy Policy: A clear and well-written privacy policy is a must for any company operating online. Make sure yours complies with the Platform for Privacy Preferences (P3P) so the Internet Explorer 6.0 privacy alert isn’t activated when users visit your Web site (refer to www.w3.org/P3P for more information).

2. Marketing Preferences: It’s good business to let your customers opt out of any marketing messages they are violently opposed to. But the trick is not to have users opt out of everything. Try to structure the wording of your opt-out options so most users will at least allow email marketing messages. For example: “Do you want to receive messages from us regarding security alerts, unusual account activity, branch hours, operational changes, and special money-saving opportunities?”

3. Internal Security Precautions: Without giving away any secrets to the hackers, provide as much detail as possible about security precautions you take to safeguard accounts, both on and offline. Even though you take this stuff for granted, you can impress your customers with the hundreds of security and audit precautions used in the course of business. Enlist auditors and operational staff in developing this section.

4. Recommended Security Precautions for Consumers: Consumers are very concerned about identity theft and the safety of their ecommerce activities. Provide clear advice on how to avoid online rip-offs. Tell customers to be wary of emails claiming to be from the bank, especially those requesting action on the part of the customer. PayPal and Bank of America have both been victimized by “spoofed” email fraud. Bank of America took the unusual step of issuing a press release with instructions on how to avoid this scam (www.bankofamerica.com/newsroom/press/press.cfm?PressID=press.20020213.01.htm&LOBID=11). PayPal uses its monthly email newsletter to continually remind users to log in only when they see https://www.paypal.com.

5. Third-party References: Provide information on how users can contact third parties to verify your safety and soundness, including:

  • link to your bank’s entry in the FDIC online database (www.FDIC.gov)
  • link to your state’s Better Business Bureau
  • link to a bank-rating service such as BankRate’s Safe & Sound ratings (www.bankrate.com/brm/safesound/ss_home.asp)
  • link to financial information, such as SEC reports, call-report data, credit union annual reports
  • customer testimonials
  • link to customer service where real humans can reassure prospective customers about your safety and soundness
  • detailed brick and mortar information (hours, directions, services offered, etc.)


Premium Security Features & Functions

Studies show that upwards of 75% of Internet users have concerns about fraudulent transactions. Financial institutions could take a large step in alleviating these concerns by providing a suite of fraud controls that can be set and adjusted by users.

And why not make security into a profit center by charging an annual subscription for premium protection? It’s a win-win proposition: customers gain peace of mind, while you increase fee income and differentiate your product offerings. Royal Bank has been experimenting with a suite of security and privacy tools sourced from Zero-Knowledge (www.zeroknowledge.com) (see American Banker, Feb. 20, 2002). The tools provided to 1,000 Royal Bank customers include:

  • Ad Blocker: Speeds up Web browsing and protects privacy by blocking Internet advertising.
  • Keyword Alert: Protects the user by scanning outgoing Internet traffic for private information.
  • Cookie Manager: Protects user privacy by managing Internet cookies and allowing the user to block certain types.
  • Form Filler: Allows users to store personal information to make it easier to complete Web forms.
  • Personal Firewall: Stops hackers and blocks Trojan horses and hostile attempts to access a user’s computer.

Freedom Net (www.freedom.net) is Zero-Knowledge’s consumer site where it markets privacy tools directly.


 

1. Payment Security Preferences/Alerts: It’s time to let users establish their own security preferences. Take a cue from standard browser functionality, and offer different levels of security protection from low to high. Users would log in and use a sliding bar to choose the desired level of transaction security. Each parameter could also be edited individually through drop-down lists.

When security parameters were violated, the resulting action would depend on the severity of the breach and users’ preferences. Most times, a simple email “heads up” to alert the user to suspicious activity would suffice. For example, every time a bill payment for more than $1,000 was initiated, an email would be sent to the user. Assuming it was legitimate, no further action would be necessary.

Serious breaches could be handled differently. For example, if 42 bill payments totaling $7,200 were initiated to a new payee with a post-office box address, the system would hold the payments pending positive telephone confirmation from the user.

Another example: Users select the maximum number of bills that can be initiated in a certain time period. For example, no more than $2,000 in bills initiated in any 7-day period. Users could be issued an override code in the event they needed to override the fraud parameters. (Use of the override would also trigger a message.) S1, the parent of pioneer Security First Network Bank (SFNB), was the first to incorporate security preferences into its online banking platform.
 

2. Credit Report Monitoring: Credit report monitoring is a great tool for catching identity theft as soon as possible. Enhanced monitoring services now email alerts within 24 hours of any new credit inquiry, allowing users to place a fraud watch on their bureau, thwarting potential thieves before financial damage is incurred. This service should be made available in the Research & Planning Zone. We will look at credit report services in detail next month.

3. Ecommerce Insurance: Umbrella policy that protects deposits and investments held online, and protects against fraudulent payment transactions.
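
The user-set payment rules from item 1 (Payment Security Preferences/Alerts) can be sketched as a small rule evaluator. This is an added example, not code from the article or from any banking platform; the class and field names, the choice that a new payee with a post-office box always forces a hold, and the choice that the override code releases only the 7-day cap are assumptions made for illustration.

```python
import hmac
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Prefs:                      # hypothetical per-user settings
    alert_over: float = 1000.0    # email a heads-up above this amount
    window_days: int = 7          # velocity window
    window_cap: float = 2000.0    # max dollars initiated per window
    override_code: str = ""       # issued to the user out of band

@dataclass
class Payment:
    when: datetime
    amount: float
    payee_address: str
    payee_is_new: bool

PO_BOX = re.compile(r"\bP\.?\s*O\.?\s*Box\b", re.IGNORECASE)

def evaluate(pay, history, prefs, override=""):
    """Return (action, reasons); action is 'allow', 'alert' or 'hold'."""
    reasons = []
    start = pay.when - timedelta(days=prefs.window_days)
    recent = sum(p.amount for p in history if start < p.when <= pay.when)
    over_cap = recent + pay.amount > prefs.window_cap
    # Constant-time comparison; an empty issued code never matches.
    overridden = bool(prefs.override_code) and hmac.compare_digest(
        override.encode(), prefs.override_code.encode())
    if pay.payee_is_new and PO_BOX.search(pay.payee_address):
        # Serious case (assumed not overridable): wait for phone confirmation.
        return "hold", ["new payee with post-office box address"]
    if over_cap and not overridden:
        return "hold", [f"{prefs.window_days}-day cap exceeded"]
    if over_cap:
        reasons.append("override code used")  # the override itself triggers a message
    if pay.amount > prefs.alert_over:
        reasons.append("payment over alert threshold")
    return ("alert" if reasons else "allow"), reasons

# Constructed sample data: one payment inside the 7-day window, one outside it.
NOW = datetime(2002, 3, 5, 12, 0)
HISTORY = [Payment(NOW - timedelta(days=2), 900.0, "12 Main St", False),
           Payment(NOW - timedelta(days=10), 5000.0, "12 Main St", False)]
```
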
