“button your lip don’t let the shield slip
take a fresh grip on your bullet proof mask
and if they try to break down your disguise with their questions
you can hide hide hide
behind paranoid eyes”
–Roger Waters (Pink Floyd), Paranoid Eyes
GonzoBankers, it seems that everywhere you turn, there is talk about security breaches, lost tapes chock full o’ credit card and Social Security numbers, illegal spankings, wire fraud, stolen passwords for Internet banking. Wait a minute… stolen Internet banking passwords?? Holy chicharon! That means consumers are sure to start flocking from Internet banking or at least slowing down on their adoption rates… so, the lines in our branches will expand by miles… and we’ll have to build more branches to handle the droves… and that’s going to cost a lot… and we can’t afford new branches or more tellers this year…. and I don’t want to deal with headlines or regulatory scrutiny!!!!!!!!
OK, deep breaths, GonzoFreaks. Repeat after me: It is not time to hit the panic button on Internet banking. Inhale. Exhale. Nice and easy. Yes, we should remain seated and buckled in through this brief period of security turbulence, but let’s not start shoving our way to the Exit Aisle just yet. Internet banking is not going away as the alarmists would love us to believe. It probably won’t even noticeably slow down. Have you ever once met or even heard of someone who actually said they’re closing their online banking account because of security concerns? I bet not.
On the other hand, banks and credit unions are going to increasingly face dilemmas like the one at Bank of America that Carl Faulkner described in “Lack of Demand Results in Death of Internet Banking” (GonzoBanker, May 13, 2005). A customer loses some money due to no fault of the bank but rather due to the customer’s home PC getting hacked or otherwise compromised. Then, the red-faced customer looks to the bank for compensation.
Technically speaking, B of A did the right thing. Believe me, I’m a Power to the People type who loves to bash the really big banks when they have it coming, but this was not B of A’s fault. Bank of America should be no more be responsible for a consumer’s PC getting compromised than it should be if a customer’s ATM withdrawal gets snatched in a mugging. That said, from a public relations standpoint banks are probably going to have to pony up for stupid customer Internet banking losses in the future just to keep the consumer activist groups off their backs and the fraud headlines down to a below-the-fold whisper.
Granted, Dr. Faulkner has been a tad on the paranoid side regarding online security ever since someone used his credit card to subscribe to an all-male, Canadian “photography” Web site (true story.) But allusions to the downfall of Internet banking aside, Carl was dead-on last week – financial institutions damn well better plan on the reality of security mishaps and how to react to them rather than pretend they can ever stop the breaches altogether. And if you believe that banks and credit unions are going to bear at least some responsibility to financially cover dim-witted users who cannot protect their own PCs and passwords, GonzoBankers simply must beef up their online banking applicant screening. Yes, you want customers to adopt Internet banking, but you also want to Know Your Customer, right? A moron for an online banking customer can mean potential losses for you, sí?
So, GonzoBanker has written a simple questionnaire for banks to provide in their lobbies and on the Internet for their online banking applicants. Let’s end the anticipation; I offer to you GonzoBanker’s Online Banking Applicant Screening Questionnaire:
XYZ Bank: Online Banking Screening Questionnaire
1) While surfing on the Internet, no doubt avoiding porn sites and doing legitimate research, you encounter a pop-up that says you have just won a free Sony plasma TV. All you have to do is provide all of your personal demographic data, Social Security Number and a credit card number to pay for shipping. What do you do?
2) You receive an email explaining that you can split $45,000,000 with a Nigerian ex-pat if you will only send him your banking account data so that he will have a place to safely stash the loot. What do you do?
3) Our bank’s offshore data center sends you an email with a “.Ukraine” suffix. The bank needs to update your account information, including account number, Internet banking logon ID and password. We flat-out lost it all! Please log on to the following site and type in your information: www.ourbank.ukraine//thisisnotascam//9%^&())*&%/legitimateinquiry/
How do you react?
4) If our bank were to grant you access to our online banking product, how would you remember your user identification and password?
5) Using our secure terminal to your right, please take the Phishing IQ test on MailFrontier: http://survey.mailfrontier.com/survey/quiztest.html
How many questions did you answer correctly?
6) Let’s pretend. Your name is Rich Christensen, and your account number at our bank is 4767410. Of the choices below, what is the most appropriate user identification and password to be used for your Internet banking account?
And that’s all there is to it – six simple questions to weed out the high-risk brainless. Now, no consultant worth his beefy hourly fee would provide you with a tool of this magnitude without a key to interpret the results, so here are some guidelines:
Feel free to copy this questionnaire verbatim, tweak it or wholesale customize it. Use it in your normal account opening process. No pride of authorship here, Chachi. No, I used to work for the federal government, and I remain
Here to Help