US Regulators to Banks: Beef Up Your Security

Back in the good old days robbing a bank was  task that not only involved great risk, but highly thought-out planning and research as well.  And even at that, there was nothing “fool-proof” about it.  In fact, the closest thing to a “fool-proof” bank robbery that I’ve ever heard of was in the fictional 2001 film “Bandits” where Joseph Blake and Terry Collins kidnap bank managers on the evenings prior to their big heist in order to use their vault keys to open the doors.  But now in our more modernized age, robbing financial institutions is no longer a matter of holding up a gun and stuffing money into a bag, but rather a case of clever computer skills and taking advantage of security vulnerabilities in banking systems.

No better example of this concept is the recent security breach that Citibank fell victim to in May of this year.  While it’s easy to envision such an occurrence being the at the hand of genius hackers sitting in dimly lit basements behind monitors sporting nothing but green lettering on a black console, the sad reality of the matter is that the hackers managed to pull off their cunning operation using a method any grade-schooler could have used.  Needless to say, events like Citi’s compromised data – and the fact that the “hack” was pulled off so easily – has drawn a great deal of criticism to how banks handle their online portals.  After all, what good are six-inch thick vaults if money can be moved around with just a few keystrokes and a couple clicks of the mouse?

Not only have your run of the mill end-users been growing more and more concerned with their bank’s security, but developments earlier this week show that banking regulators in the United States have developed concerns as well.  More specifically, regulators are growing weary “that fraudsters are utilizing increasingly sophisticated and malicious techniques to thwart existing authentication controls, gain control of customer accounts, and transfer funds to money mules that facilitate the movement of those funds beyond the reach of financial institutions and law enforcement”, says the Federal Financial Institutions Examination Council.

With this, new regulations are being passed that specify higher security standards that banks in the states are expected to follow in order to protect the identities and capital of their customers.  To start with, banks are now being asked to better implement multiple factors of identification on accounts so that a simple stolen password cannot give a would-be identity thief full access to a customer’s account.  Some banks like the one I use allow for two-factor authentication by way of text message so that someone attempting to log into an online account would need not only the username and password, but access to a physical mobile device as well.  However, as glad as I am that this feature is (and has been) available to me, it’s somewhat disappointing that it hasn’t been a standard for all banks.

On top of this, banks are now being asked to raise customer awareness of online security and safety while banking online.  In my opinion, this is the best move because it will ultimately ensure that more users understand the risks of online money management, and in the long run should help customers to establish better practices.

What do I think about all of this?  It’s about time.  I’m really tired and frustrated with the fact that I’m on IRC channels and utilize email and social networking sites that implement stronger security than banks.  Really, that fact in itself is simply disgusting.  Hopefully these new implementations will change this and we’ll see better banking security in the near future.  Most importantly, I hope that online banks keep up with the latest threats and whatnot, as these new regulations in themselves will do little to no good as the bad guys better their methods.