Archive for the 'Privacy' Category

Published by Nicole Cappiccille on 12 Nov 2009

A Look at Online Account Security

A recent article on Forbes.com discusses a number of online bank account fraud anecdotes, and assesses the various ways the victims’ banks could have avoided the near-catastrophic incidents simply by upgrading their online security systems. The article got us thinking about the best types of online account security offered by the Bank Monitor firms we track. It seems that although many firms offer basic online account verification features, like log-in security questions, images and codes, only a few take security to the next level when it comes to actual account navigation and individual online transactions.

Published by Jeffrey Latzer on 12 Aug 2009

Are Finance Sites Prone to Hackers’ Moxie?

Fresh on the heels of our Mutual Fund Monitor Report on Online Security comes word out of the Black Hat security conference that ubiquitous page verification technology SSL (Secure Sockets Layer) may have some loopholes in the way it functions with Internet browsers.

Mutual fund firms will clearly wince at this news, as our report found that all 18 MFM companies employ SSL for security. The good news is that potential breaches such as these were discovered before they were nefariously implemented, so it gives security and browser developers a head start in plugging the holes.

Published by tim.ullrich on 01 Jul 2008

WoW: Two-Factor Authentication Not Just for Banks Anymore

Banks, brokerage firms and financial services firms in general have all heard about two-factor authentication by now, and many firms already offer the service. While banks were required to adopt two-factor authentication, other industries have been offering two-factor schemes to secure client accounts.

Most banks have settled on RSA’s PassMark image-based system (users pick an image that will be displayed when logging in to verify the site’s authenticity). Some brokerage firms offer this same system while others offer clients a token-based system (Charles Schwab and E*TRADE for example). Instead of images, the token (also usually provided by RSA) ties a specific client to an algorithm that the token uses to generate a number that the website verifies. As we said, this is pretty much common knowledge and accepted practice for quite a few financial services firms (let’s include PayPal in that group).

Two-factor authentication is good for securing personal information and locking down accounts, like your bank account. Because it is so robust and is generally resistant to brute-force attacks and keylogging tools, this technology could be useful for locking down all kinds of accounts. As an example, how about a two-factor token to lock down a gaming account? Blizzard Entertainment has in fact just started offering ID tokens for its wildly popular World of Warcraft game. The token costs just $6.50 and is tied to specific player IDs. Just like at financial services firms, players log in as usual, then enter the token-generated number.


Published by Corporate Insight on 10 Mar 2008

E-Mail and the Class Action Suit

We recently received an email from American Express stating that we may be part of a class action suit against the firm. We have received notices of class actions frequently with our many brokerage accounts (which often require hours of paperwork to receive $3.57 while the attorneys receive millions), but what was unusual about this email is that the Class Counsel (the guys suing AmEx) have asked for the email addresses of all people who may be in the class.
