www.safe2bank.com

Fed by media reports, often wrongly implicating online banking in fraud problems the public is becoming exasperated with the growing assault on their computing. Spyware, adware, spam, viruses, worms and phishing are enough to drive consumers back to that comfortable spot on the couch where all they have to worry about is what show’s on next.*

At Online Banking Report, we’ve watched the growing backlash with great concern. Although we’ve written about it, we want to do more. We’ve been telling reporters for years that overall online banking is safer than the paper processes it replaces. To get that message out to a broader cross-section of consumers, we are launching the Safe Banking Initiative (SBI) to foster education and awareness of safe online banking practices within the industry and to educate the marketplace, especially the media, as to the real risks of various banking and payment options, both online and off. Its business model will be similar to the Underwriter’s Lab in the electrical appliance field. The SBI website (under construction) will contain educational information along with a database of certified banks.

One of the first efforts will be the deployment of the Safe2Bank Online Certification program that will allow regulated financial institutions to apply for a safe banking logo that can be displayed on their websites. The idea is help consumers know when they are visiting a financial institution that adheres to the Safe2Bank guidelines. We plan to make the scorecard criteria open to the public via the Safe2Bank website, but the weightings, actual scores, and score cutoffs will remain confidential (although participating financial institutions will receive a full copy of their weighted scorecard and comments).

The guidelines are still in development, and we are looking for your input. The first draft is listed on pages six and seven. To become certified, financial institutions must achieve a yet-to-be-determined minimum score across the 80 items. Financial institution will not have to pass all 80 guidelines to become certified, although there may be certain required items such as a visible privacy policy, secure password-reset procedures, and so on. Certified financial institutions will have their names, Web addresses, and contact info listed on the Safe2Bank website. They also have the option of licensing the mark to display on their own websites and marketing material  .

To become certified, financial institutions must answer a questionnaire on their online banking features and processes (all questions related to publicly available material). Answers will be verified by an SBI employee and scored using the criteria in Table 2 . Each factor will be weighted, and partial credit will be available on certain guidelines. The resulting score and comments from the evaluator will be shared with the participating financial institution. The audit deals only with publicly visible features and processes: it is NOT a back office or network security audit like the SAS 70 or other regulatory reviews.

*As we were going to press, another story ran on The NBC Nightly News about $90,000 lost by a small business apparently aided with information obtained from a personal computer (reference: msnbc.msn.com/id/6713753).

Financial institutions are encouraged to apply now for certification. The first wave of certified financial institutions will be announced at the launch of the consumer education campaign, currently slated for second quarter 2005. Financial institutions will be certified in the order of application, so the earlier you return the reservation form, the sooner you’ll be eligible. The cost for the certification audit is $500 payable with your reservation form (see enclosed). The fee is not refundable, but those not passing may reapply within 12 months for half price.

Financial institutions passing the S2BO audit will have the option of licensing our Safe2Bank Online logo for inclusion on their websites and marketing materials. Licensing cost will be no more than $1000 annually during the launch period. Final pricing will be announced in first quarter 2004.

As the certification process unfolds, we will initiate a far-reaching, consumer-awareness campaign. Part of that effort will be to help each certified bank make a splash in their home market. SBI will assist in issuing a joint press release and will participate in other media events as well. Online promotional efforts will also be used to raise awareness of the Safe2Bank designation.

We have enclosed a signup form with this newsletter. Receive one via email by sending a request to anita@onlinebankingreport.com   

The SBI is a wholly owned division of Financial Innovations, publishers of Online Banking Report since 1995. The managing director is Kate Schultz who brings to SBI a long track record of organizational leadership in the nonprofit sector along with 10 years of contributions to Online Banking Report. All guidelines will be reviewed by an industry advisory board (below) before being finalized.

We consider every OBR subscriber to be an unofficial SBI advisor. So please provide your input on the S2BO scorecard and any other aspect of the initiative. We are also assembling a more formal advisory panel from the industry to review the criteria and submit comments. If you would like to be on the official panel, please email kate@netbanker.com . The position is voluntary and unpaid with a relatively small time commitment**
(no meetings!). Membership is limited with preference to financial institution employees.

Although all the information obtained in the audit will be publicly available, we understand the sensitivity of the industry to the threat of hacking and leaks. Therefore, all audit results will be kept in password-protected files on computers not connected to the Internet.

*Financial institutions are encouraged to obtain an opinion from their compliance and legal staff on the ramifications and implied liabilities, if any, of using the Safe2Bank logo.
**The time commitment should be no more than a few hours each quarter.

Safe2Bank Online Scorecard Beta Version 1.0

Table 2

Safe2Bank Online Scorecard

Source: Online Banking Report, 12/04

References: Security and Privacy Report, OBR 93/94

Financial institutions must adopt new safeguards in 2005

We interrupt the regularly scheduled newsletter for an important bulletin: The industry¹ MUST adopt stricter online authentication and monitoring tools or risk a damaging backlash against online banking and payments. To help spur innovation on the security front, we are launching a new effort called the Safe Banking Initiative, or SBI for short. We hope to create an Underwriters Lab (UL) type seal of approval for financial institutions to display on the websites and other marketing material.

BAI Retail Delivery 2004

On the way home from BAI’s Retail Delivery, I always try to reflect on the “themes” from this influential industry conference. This year it was all about integration: interbank (A2A) transfers integrated with bill payment; ATMs integrated with check processing; branches integrated with online banking; everything integrated with industrial strength CRM systems. 

My biggest aha! occurred at an unlikely spot. Normally, I skip the hardware displays with their legions of enthusiastic ATM salespeople, and head straight for the booths in the back where I always learn something from the online pioneers. This year my most memorable conversations were with Hill Ferguson, Melanie Flanigan, and the whole crew from Yodlee on the bus back to our hotel; Neil Platt and Sanjeev Dheer from CashEdge on the trade-show floor as they landed a major new bank account; and as always, catching up with long-time industry visionary Matt Lawlor from Online Resources.

But this year, thanks to an effective pitch from its Williams Mills rep, Jamie Stephenson, I found myself chatting with Miles Busby, founder of Source Technologies www.sourcetech.com  about his vision of the future branch. Think airport check-in, circa 2004, where rows of touch-screen kiosks greet flyers, run them through the check-in process, and spit out boarding passes. One or two attendants assist with checked baggage and answer questions posed by perplexed travelers using self-service for the first time².

¹We’re referring specifically to U.S. banks; many major banks outside the U.S. have already added rigorous and highly effective authentication processes; one major bank familiar to us has only lost a few thousands dollars year-to-date. 

²Alaska Airlines, the first airline to offer kiosk check-in, then later Web-based check-in, is considering eliminating the ticket counter altogether, a concept it is testing in Anchorage.

A Real Automated Teller Machine

Fast-forward to the bank branch of 2007.  Customers walk in the door and head directly to teller row, no lines. After swiping an ATM card and entering a PIN at terminals built into the counter, customers feed paper checks directly into the deposit slot. Instantly an image of the check appears on screen along with the amount of the deposit. After confirming, the total is added to the customer’s balance, the original paper s check returned as a receipt, and any cash-back is dispensed from the machine. Finally, the human teller asks, “Did you get that double billing on your credit card resolved
Mr. Poddenstopper?”*

The machines can also handle other routine transactions: loan payments and other bills could be paid by feeding billing statements into the machine, then selecting the account to debit; funds could be transferred within the bank or to accounts outside the bank; money orders, cashiers checks, and prepaid cards could be created right from the machine. Machines could be even be equipped to handle merchants, accepting and dispensing cash and coin, payroll checks, and prepaid employee cash cards.

The beauty of all this, not counting the labor savings, which Busby said could pay for the equipment within a year, is that it all ties in nicely with online banking. Upon return to their home or office, branch self-service users will be greeted with an email summarizing the transactions with links to online banking to view images of any paper checks or statements scanned in the branch, and to take any action related to the in-branch transaction. It’s similar to the way the airline check-in process is spurring travelers to go online and check-in prior to the trip to the airport.

Paperless Banking

Another chord struck at Retail Delivery was the growing threat to consumer confidence in online banking, and by extension banking in general, due to the proliferation of spyware, worms, Trojans, fake messages, as well as the mixed messages from financial providers, the media, and government regulators. Jim Van Dyke, whose Javelin Strategy www.javstrat.com  consultancy is doing pioneering work in this area, presented not one but two sessions on paperless banking. He looked at 44 criteria at 39 leading banks, determining that BofA, Wells Fargo, E*Trade, and Zions had the best total safety rating .

That’s great information on those 40 banks, but what about the other 20,000 U.S. financial institutions? How do consumers determine if they are dealing with a “best practices” bank or credit union? Not to beat our own drum too loudly, but we hope our Safe2Bank certification will go a long way in educating, and, more importantly, reassuring consumers and the media about real fraud threats, both on and offline.                                                                                       

Jim Bruene, Editor & Founder,

 jim@netbanker.com

*As soon as Mr. P swiped his card, his name, account history, and recent service issues instantly appeared on a screen visible only to the human teller. The customer record could also be enhanced with family names, pronunciations, and even the occasional cross-sell prompt. While this teller-automation technology has been available for years, the typical teller is too busy handling transactions to really converse with the customer