Online Banking: 'Deputizing Our Customers' at Bank of America

Notes from RSA Conference Day 2

Bank of America is well known for its mobile banking services. Currently, the institution has 750,000 mobile banking customers receiving services on 400 different kinds of devices.

But did you realize that one of the ways BoA secures its electronic offerings is by providing its customers with abuse reporting capabilities?

"We deputize the customer," says Scott Huie, SVP of E-Commerce, one of a panel of BoA execs detailing the bank's offerings at the RSA Conference on Wednesday. "We're all in favor of having our customers as our police force."

Wednesday's audience was filled mainly with competing bankers, as the BoA executives described their online security initiatives.

Key to their efforts - literally - is their proprietary SiteKey, which sits on browsers to authenticate sites and devices with a combination of images, image titles and challenge questions.

Additionally, BoA now offers SafePass, a new one-time passcode for high-risk activities such as money transfer between individuals. Rather than a physical token, SafePass comes as a text message or a card.

As a result of both initiatives and the security awareness that accompanies them, BoA executives say, customers now are more savvy about risks. "They're a lot more aware of the fraud threats," says Todd Inskeep, VP Innovation and R&D.

Customer education is one of the security team's priorities, Huie says. Efforts include a dedicated website, emails and even white papers about security best-practices. In some cases, when made aware of phishing attempts, BoA will even take down the offending site and replace it with a customer education page - a virtual safety net to catch potential fraud victims.

Going forward, BoA has its sights on RSS feeds, additional mobile offerings and next-generation channels. The bank also is working with MIT's Media Lab to develop a Center for Future Banking. The key, Inskeep says, is to make security a fundamental concern. "We want to build in security at the design phase," he says.

E-Discovery and Digital Forensics: Follow the Evidence
Forensics. When people hear the term, they often envision Quincy or CSI - some popular TV show in which police investigators dig up data to make their case in court.

The same is often true in financial institutions, where digital forensics can be used in support of legal e-discovery. "But it's not always about cracking a case," says Dennis Seibert, Lead Forensic Analyst of Fifth Third Bank. "It's about following the evidence and seeing where it leads you."

This was the key theme of Seibert's E-Discovery and Digital Forensics presentation at the RSA Conference on Wednesday. Discussing the forensics process and establishing the difference between legal investigations and corporate forensics, Seibert identified the typical cases he's called to investigate:

Employee dismissals;
Policy violations;
Network intrusions;
E-discovery.

Seibert also offered the top traits he looks for in adding a forensics analyst to his team. He wants someone who:

Knows where the data lives;
Understands deleted files;
Can delve into log files and emails;
Possesses superior communications skills, so that they can present their findings to all levels of interested parties.

About the Author

Tom Field

Senior Vice President, Editorial, ISMG

Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.



