U.S. Based Banks Complacency Toward Identity Theft
Solutions Causing a National Security Threat

U.S. Banks are already to late to make the required security upgrades required by the FFIEC.

(PRWEB) September 6, 2006 -- The single largest national security threat is a terrorist attack on our banking system. An attack aimed simultaneously at millions of username and passwords within banking would shut down our banking system. This would ripple out into the free world almost instantly shutting down banks worldwide. Credit/debit cards, checks, calls to the bank, would not work for at least a matter of days causing tremendous hardship and ripple effect from no gas to "I simply have to take this baby food." Anarchy would reign and people would fight and people would die. After that millions would not trust banks or our banking system and we would revert to a cash based society causing irreparable harm to our entire way of life. People would revert to keeping cash under the mattress and we would be back in the great depression era of 1929. "Simply put, easy to accomplish with the current single factor security (user name and password) at banks online for any terrorist organization, even from a cave in Pakistan." says Paul Gerstenberger, a cyber security expert with Authenticol Systems of Boulder, Colorado. Banks in this country and even our government are not taking this threat seriously enough and the wheels of bureaucracy are putting us at an extreme level of vulnerability.

$50 Billion Dollars per year being lost to Identity Theft according to the FTC and increasing by double digits each year. This huge yearly loss is going directly to International terrorism and Organized crime. What makes us believe they could not hit us all at once?? Banks are allowing it to happen rather than comply with Federal regulations to greatly increase online banking security by the end of 2006. Not a single bank has complied..why.because they would quite simply rather not change anything for the consumer..not even to increase security.not even to stop terrorists from getting our money. The simple fact is that when identity theft strikes, banks simply write it off to the consumer and the taxpayer through insurance and the FDIC.
CBS Evening news reported on August 23rd that "Foreign banks adopt stricter security requirements but U.S. Banks resist. "

Internet banking is a convenient way to conduct banking transactions. Today most international based banks have been proactive in implementing higher security for their customers including the implementation of multi-factor security systems. The question is why have US based banks resisted implementing available technologies to protect the US consumer. The FFIEC that regulates the FDIC insured banks has mandated that all US based banks implement higher security before the year's end which is 120 days away. The letter entitled Authentication in an Internet Banking Environment states that banks must implement a security technology to all their consumers that use online banking and must meet certain issues as described within. With only 120 days left, the guidelines can not now be met by any US bank before years end.

Current solutions that have been implemented by a few banks are not compliant with federal regulations such as SITEKEY with Bank of America. The solution has been riddled with problems and blatantly does not meet federal regulations set forth by the FFIEC by using personal information to authenticate such as mothers maiden name. It also does not meet the definition of multi-factor security, mutual authentication and customer education. A huge vulnerability was recently exposed by Sestus data corp.
Another example is CitiGroup's implementation of One Time Password tokens for their high net worth customers. This technology is highly impractical for use on a wide customer basis and still does not answer the primary problem of phishing as evidenced by a number of breaches. FFIEC regulations require that all online users be protected. One Time Passwords also do not meet the definition of multi-factor security.

The underlying vulnerability to consumers is that they cannot tell whether a bank site is real or fake (phishing). The guidance is written to address this issues that ultimately assumes correctly that single factor security ie. Username and password credentials are extremely vulnerable.

Authenticol Systems of Boulder Colorado seems to have the only solution that meets the FFIEC guidance and properly addresses the primary issue of phishing as well as could be implemented to a large number of U.S. banks before the end of the year. This monumental task is actually possible with the C.O.B.R.A. (Commercial Online Banking Restricted Access) Toolbar solution because it requires almost no bank side integration and is inexpensive to implement system wide. "It is the world's first real mutual authentication system" says a company spokesperson.

The C.O.B.R.A. system actually exceeds the FFIEC regulations because it not only protects users at the banking site but also beyond. The system properly defeats both phishing and pharming and meets the criteria for ease of use, consumer education and is a control that properly mitigates the risk of banking transactions online. This solution is currently available to U.S. banks and while several large ones (Citigroup and J.P. Morgan Chase) are currently looking at adopting the system it seems as though the bureaucratic red tape is dragging on and as it does more and more Americans are put at risk.

The FFIEC, ABA, NCUA, FDIC and many other banking organization have ignored the call to implement higher security by not just Authenticol but other security venders as well. A progress report conference participated in by the FFIEC and ABA resulted in only 30 out of over 35,000 working towards compliancy.

The big question is still why are banks continuing to be complacent and continuing to put us at risk? One possibility is simply that banks profit on identity theft as well by advertising internal "perceived" security solutions to gain customers from other banks. These systems advertise security while only delivering insurance or calls to your credit agency and are not really protecting customers previous to an identity theft at all. According to a study done by EDS corp. of Plano Texas 38% of Americans would switch banks for a "perceived" increase in security which gives banks have a good reason to drag their feet when it comes to a real security solution.

This country seems to only allow change "after" a crisis, such as was the case with airline security after 9/11. Let's hope we are not too late already!


AUTHENTICOL SYSTEMS
Contact: Paul Gerstenberger
Phone: 303-245-0001
Website: www.authenticol.com