Penn State Hershey Cancer Institute
June 27, 2009
All ages seek out moments to enjoy campus wildlife, greenery
June 25, 2009
Music at Penn's Woods returns
June 20, 2009
Arboretum holds open house
June 19, 2009
'Dining Room' set to open
June 11, 2009
Summer slower at University Park
June 9, 2009
Faculty member photographs Colbert visit to troops
June 9, 2009
Special Olympics 2009 under way
June 5, 2009
Student interns go through journalism 'boot camp'
June 1, 2009
2009 Trash to Treasure sale a success
May 30, 2009
University Park Airport conducts full-scale disaster drill
May 27, 2009
Mobile unit seeks to bridge gap in healthcare access
Penn State nursing simulation lab is unveiled
Commencement ceremonies 2009 (time lapse)
Graduate goodbyes 2009
Penn State names new laureate
Penn State's creamery, from the cow to the cone
Penn State joins EPA's Sustainability Partnership
Evolution-proof insecticides may stall malaria forever
Probing Question: Is it safe to pay my bills over the Internet?
Thursday, January 19, 2006
By Lisa Duchene
Research/Penn State
Managing your money is no easy task. While television commercials make it look easy to do all your banking online in just five minutes, on the next channel, insurance companies warn of crooks that will steal your identity and your money. What’s the deal? Is it safe to pay your bills online?
No, not yet, said John M. Jordan, executive director of the eBusiness Research Center at Penn State's Smeal College of Business. "There are lots of ways it can go wrong," said Jordan, who does not use the Internet to pay his bills or do his banking. Thieves are proficient at outsmarting the technology banks use to provide online access to your accounts. Online crime is a multi-billion dollar global business.
"You hop, they take two hops. You hop again, they take two more," said Jordan. "So far the bad guys are ahead."
A few ways crooks can get your account information and use it to steal your money include:
-- The "man in the middle" scam, in which thieves use a fake Web page that looks identical to your bank's Web site to intercept information you think you are giving to your bank.
-- "Key logging" software -- installed onto your computer without your knowledge -- that records every keystroke made on a machine.
-- Fake e-mails carefully crafted to look as if your own financial institution is requesting your personal information. Called "phishing," this scam stole about $929 million from 1.2 million U.S. consumers from May 2004 to May 2005, according to Gartner, a technology research company in Stamford, Conn.
In addition to having your money stolen, other dangers of online banking include identity theft, damage to your credit rating and the mountain of paperwork involved in straightening out a mess.
"Every time (banks) make online bill-paying easier to use, (they) may be making it easier to break into," said Jordan.
Behind the scenes, banks are scrambling to build security into their systems so that nobody but you can touch your money.
The root of the problem, said Jordan, has to do with authentication, i.e., how banks verify a consumer's identity. In the online arena, banks use only one way to authenticate identity, instead of the two ways used in every other transaction arena.
People prove their identity in three basic ways, he explained: with something they know, such as a password or PIN number; something they have, such as an ATM card; or something they are, such as a fingerprint or photo ID.
Most transactions, said Jordan, involve two of these methods. To take money out of an ATM machine, you provide the bankcard and a PIN number. But online banking uses only one way to verify identity.
"Banks are trying to figure out a second factor of authentication," said Jordan. They have to do it soon, since the federal government wants to see greater security in electronic banking by the end of 2006.
In mid-October, the Federal Financial Institutions Examination Council issued new guidance to banks, declaring that the single-factor method of verifying identity for online banking falls short and urging them to better protect consumers' money and identities. The council's members include the Federal Deposit Insurance Corporation and the Board of Governors of the Federal Reserve System.
Banks can offer further security in many different ways, said Jordan. They may use a "shared secret" method, in which customers send their bank a picture of their dog, then are asked to identify their dog from a canine lineup whenver they want account access. Or banks may provide battery-operated identification cards that automatically issue a new, unique pass-code to their online banking website every 30 to 60 seconds.
Or, you may soon have to use your fingerprint to log in to your account. A fingerprint-reader device generates a unique multi-digit secure number that can't be hacked, said Jordan.
Banks must find solutions because a lack of consumer trust threatens online banking and e-commerce itself, said Jordan. "If you lose trust in the instrument of money, then there is no money because money is a trust system."
***
John M. Jordan is executive director of the eBusiness Research Center in Penn State's Smeal College of Business. He can be reached at jmj13@psu.edu.
For more Probing Questions, and other features about research at Penn State, subscribe to Research Penn State: Online at http://www.rps.psu.edu/subscribe/
Blogger
del.icio.us
digg
Facebook
newsvine
Twitter
Email this to a friend
Printer-friendly version
Download PDFContact
-
- Emily Rowlands
- 814-865-3477
- http://www.rps.psu.edu/