Bank of America Delays Security Update

The Bank of America's rollout of a stronger user authentication technology has hit a snag and is now expected to be completed in early 2006, several months later than originally planned.

The nationwide bank had expected to make a new authentication service, called SiteKey, mandatory for all of its 14.3 million online banking customers sometime in October. Now, that date has been pushed back to early 2006, according to Betty Riess, a Bank of America (BofA) spokesperson. "We've made some adjustments in terms of the rollout schedule," Riess said.

She declined to comment on what exactly had caused the delay, saying only that "sometimes when you get to actually doing the implementation, you make adjustments."

Some Customers Upgraded

Still, a large number of the BofA's U.S. customers are already using SiteKey. The system presently is in use in the Southeast, Midwest, and Southwest, and is expected to be in use in California, the Northeast, and Northwest by year's end, Riess said. Most customers will be forced to adopt the system by year's end, with the final two states--Washington and Idaho--going online in early 2006.

Based on software developed by Menlo Park, California's PassMark Security, SiteKey is able to recognize when a Bank of America account is being accessed via an unknown computer. It can then generate a predetermined "challenge" question, adding another level of security to the process of logging in. The software also lets users choose a specific image--a photograph of a dog, for example--that can then be re-shown to users in order to reassure them that they are actually visiting the Bank of America Web site, and not some other site masquerading as www.bofa.com the corporate site.

Ahead of Regulations

The SiteKey rollout may put BofA ahead of the curve on new federal regulations, which are due to take effect next year.

Last week, the Federal Financial Institutions Examination Council (FFIEC) released guidelines calling for U.S. banks to use a stronger form of authentication than the username and password logins typically used for online banking today. The guidelines call for Internet bankers to now add a new form of authentication to their online banking systems by the end of 2006. They do not spell out what exactly what this technique must be, leaving banks some leeway to develop their own approaches to stronger authentication.

Though Riess declined to comment on whether or not the BofA's system met these requirements, PassMark believes that its software qualifies, according to Mark Goines, PassMark's chief marketing officer.

In addition to the BofA, PassMark's software is being used by Stanford Federal Credit Union, in Palo Alto, California, Goines said. Online brokerage Scottrade is also in the process of rolling out the software, he added.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
  
Shop Tech Products at Amazon