After months of discussing social media here on our blog and in our research, we thought we’d kick off 2010 by expanding our own efforts in this realm by enhancing our commentary with video. So, welcome to our first of what we hope will be an ongoing series of video interviews and comments with our analysts.

Continue Reading »

Take a look at the statement image. On it, you’ll see roughly $30,000 in fraudulent transactions. On 9/26 there are seven transactions, in Helsinki Finland for just under $5,000 each. How these charges made it through any kind of reasonable security check is beyond us.

It should be noted that the cardholder, one of our employees, has never set foot in Finland. Continue Reading »

With 2010 almost upon us, firms rushed to make their end-of-year changes and introduce new programs.

Chase Introduces New Charitable Initiative through Facebook

Chase’s new Community Giving Program allows customers to vote, through Facebook, for their favorite charities, with top vote-getters receiving donations from Chase. In some ways, Chase’s Community Giving Program is a hybrid of two innovative programs previously introduced by other credit card issuers: Citibank’s Make a Difference program, introduced earlier this year, also utilizes Facebook as a platform through which users can help solicit donations to their favorite charities, while American Express’s Members Project, which ran in 2007 and 2008, allowed card holders to vote for new projects that would be funded by AmEx. Continue Reading »

A recent article on Forbes.com discusses a number of online bank account fraud anecdotes, and assesses the various ways the victims’ banks could have avoided the near catastrophic incidents simply by upgrading their online security systems. The article got us thinking about the best types of online account security offered by the Bank Monitor firms we track. It seems that although many firms offer basic online account verification features, like log-in security questions, images and codes, only a few take security to the next level when it comes to actual account navigation and individual online transactions. Continue Reading »

Fresh on the heels of our Mutual Fund Monitor Report on Online Security comes word out of the Black Hat security conference that ubiquitous page verification technology SSL (Secure Sockets Layer) may have some loopholes in the way it functions with Internet browsers.

Mutual fund firms will clearly wince at this news, as our report found that all 18 MFM companies employ SSL for security. The good news is that potential breaches such as these were discovered before they were nefariously implemented, so it gives security and browser developers a head start in plugging the holes.
Continue Reading »

Following recent observations about how firms have been less than transparent about their financial stability on their websites and through other means, it seems that some companies are taking a different, more clear approach in reassuring potential clients. Instead of sugar-coating the state of their corporation’s health, some firms are now reassuring clients that their money is safe because their accounts are FDIC-insured – not because the firm is somehow “different from all the rest” that went down, as many have recently claimed.

While clients may still feel anxious and uncertain about the future home of their finances, the knowledge that their money is secure and won’t completely disappear with a firm if it collapses provides at least some comfort during financially unstable times. Continue Reading »

It’s no secret that the annuity industry has faced its fair share of scandals this decade. Tales of crooked advisors talking old folks out of their retirement savings are in the back of many investors’ minds when they hear the word “annuity.” The fact that annuities are seen as complicated and loaded with hidden fees does little to bolster product sales either.

The negative publicity against the annuity industry peaked in April when Dateline NBC caught several advisors selling unsuitable indexed annuities to older investors. The program also exposed seedy training seminars that serve to proliferate unethical selling practices and promote a “sell first” mentality that makes clients’ needs a secondary consideration.

To the industry’s credit, many firms have taken steps over the past year to address the growing concern surrounding suitability. Continue Reading »

Fraud not only hurts a financial institution’s bottom line, it also generates the kind of negative publicity that’s difficult to erase and easily metastasizes in this information age. Thanks to the rise of social media, any fraud victim can log onto his or her blog, or post a clip on YouTube, and instantly vent about their experience for all of the world to hear. If their posting is entertaining or outrageous enough, it’s liable to circle the globe in as little as a few weeks, further blackening the institution’s reputation. Continue Reading »

Banks, brokerage firms and financial services firms in general have all heard about two-factor authentication by now, and many firms already offer the service. While banks were required to adopt two-factor authentication, other industries have been offering two-factor schemes to secure client accounts.

Most banks have settled on RSA’s PassMark image-based system (users pick an image that will be displayed when logging in to verify the site’s authenticity). Some brokerage firms offer this same system while others offer clients a token-based system (Charles Schwab and E*TRADE for example). Instead of images, the token (also usually provided by RSA) ties a specific client to an algorithm that the token uses to generate a number that the website verifies. As we said, this is pretty much common knowledge and accepted practice for quite a few financial services firms (let’s include PayPal in that group).

Two-factor authentication is good for securing personal information and locking down accounts, like your bank account. Because it is so robust and is generally resistant to brute-force attacks and key logging tools, this technology could be useful for locking down all kinds of accounts. As an example, how about a two-factor token to lock down a gaming account? Blizzard Entertainment has in fact just started offering ID tokens for its wildly popular World of Warcraft game. The token costs just $6.50 and is tied to specific player IDs. Just like at financial services firms, players log in as usual then enter the token-generated number.

Continue Reading »