Retail Delivery 2004 and Notables from BAI 2004

The biggest banking show of the year, BAI’s Retail Delivery was
held Nov. 16 to 18 in Las Vegas. Here’s what caught our attention this year.


1.   Channel integration: As mentioned on page one, we were
smitten with the “teller assist” hardware from Source Technologies .
Its vision: teller lines soon look like airport check-in counters, a mix of
touch-screen automation with human support. One teller can do the work of
two or three, as the customers do most of the work feeding deposit items
into a terminal that scans them and displays an image on the screen for
verification. The company says payback is one year.

2.   Security issues: Jim Van Dyke Principal of Javelin
delivered two sessions on the three Fs: fear, fraud, and
phishing. His new safety scorecard even made the Wall Street Journal
the day before he spoke (see WSJ, Nov. 16). Of the 39 banks surveyed
by Javelin, Bank of America came out on top with a 71 score on the
100-point scale (see Table 3 below).  One of Van Dyke’s key themes:
eliminating mailed billing and financial statements. It’s the one avenue of
fraud and identity theft that’s relatively easy to avoid while saving the
financial institution a substantial amount in paper and postage. Users
should be allowed to turn off paper statements and should be encouraged to
avoid putting any paper into the system by using debit at the point of sale
and using electronic options to pay bills. You can access a synopsis of the
research at
 or purchase the entire report for $2500.

Table 3

Top Scoring Financial institutions on Javelin’s Identity Fraud

maximum regular score = 100


Source: Javelin Strategy & Research presentation at BAI Retail Delivery,

*39 financial institutions evaluated by mystery shoppers across 44
criteria; scores ranged from 12 to 70.5,
max=105 including potential 5-point bonus, see below

**Wells Fargo had the top score of 73 across the three evaluation
categories; however they received a five-point deduction for using the
social security number as the default username; financial institutions could
also receive a five point bonus for not allowing nine-digit numerical
usernames (so users couldn’t use social security number); other than Wells
Fargo, we do not know if any of the above financial institution received
bonus additions or deductions. If so that could mean that their component
scores were different that what we deduced above.

3.   Account-to-account transfers: CheckFree (see also
number 7 below
), Yodlee, and CashEdge were on the floor
discussing their latest improvements to interbank transfers. CheckFree’s new
bill payment platform includes interbank transfers, quick payee setup, and
user-input payment reminders. CashEdge, the leader in the burgeoning A2A
field, even landed another top-10 bank at the show. They now power
, Bank of America, and several yet-to-be-announced large
banks. By next year’s show, the company expects to be powering A2A for five
of the top 10 U.S. banks.

4.   Prepaid cash: American Express and WildCard Systems
 along with Visa and MasterCard of course, were on the
floor pitching prepaid gift and travel cards. A great opportunity for online
banking operations to monetize their user bases. To see the future of gift
card delivery online, check out payment processor iPay’s system



5.   Branchless banking: Deloitte director Michael Raynor who
co-authored The Innovator’s Solutions with Clayton Christensen, used
ING Direct as an example of a potential disruptive technology in the
area of branchless banking. He said the jury was still out, but banks would
be wise to keep an eye on the ramifications from ING’s success. We couldn’t
agree more. And imagine if an ING Direct-like company sprinkled a few Source
Technologies truly automated tellers (see #1) around town, it could
be a viable business model. One that functioned as a true branchless bank
servicing transaction accounts as well as savings deposits.

6.   Automatic savings: ShareBuilder was on the exhibition floor
again, with a nice location. They are really on to something by providing a
low-cost way for investors to get involved in equity markets while
simultaneously introducing them to the power of automated savings.
ShareBuilder is marketing slick new account kits complete with a book, Smart
Money Magazine subscription, and $30 in cash for the first investment (see
screenshot below
). It’s a great product to market during the holidays as
parents, grandparents, and others love the ease and value of this
politically correct gift. Wells Fargo and ShareBuilder
have been emailing well-designed holiday sales messages for the past few

Wells Fargo is selling a ShareBuilder “Investor Starter
Kit” which includes a subscription to Smart Money, a Wall Street Journal
book, and $30 cash to invest. Total cost is $24.95, an excellent value.


7.   New CheckFree “bill management” platform: CheckFree continues to
improve its widely used platform with the goal of making it a complete “bill
management” center. Additions coming in version 4.1, available in Q2 2005

  •          user-entered payment reminders
  •          integrated inter-institution transfers
  •          quick payee-setup that can be set up with just a payee phone
  •          integrated checking account balance


Still lacking: security preferences for setting up a “firewall” around the
user’s payment system.


CheckFree’s consumer site leads with a powerful benefits-oriented graphic
and headline,
”Delete: Paper bills. Add more life.” Then immediately to the right is someone
reading a book on the porch, obviously enjoying their extra leisure time.

Categories: BAI

OBR Special Report on New Safe Banking Initiative

Fed by media reports, often wrongly implicating online banking in fraud
problems the public is becoming exasperated with the growing assault on
their computing. Spyware, adware, spam, viruses, worms and phishing are
enough to drive consumers back to that comfortable spot on the couch where
all they have to worry about is what show’s on next.*


At Online Banking Report, we’ve watched the growing backlash with great
concern. Although we’ve written about it, we want to do more. We’ve been
telling reporters for years that overall online banking is safer than
the paper processes it replaces. To get that message out to a broader
cross-section of consumers, we are launching the Safe Banking Initiative
(SBI) to foster education and awareness of safe online banking practices
within the industry and to educate the marketplace, especially the media, as
to the real risks of various banking and payment options, both online and
off. Its business model will be similar to the Underwriter’s Lab in
the electrical appliance field. The SBI website (under construction) will
contain educational information along with a database of certified banks.

Safe2Bank Online (S2BO) Certification

One of the first efforts will be the deployment of the Safe2Bank
Online Certification
program that will allow regulated financial
institutions to apply for a safe banking logo that can be displayed on their
websites. The idea is help consumers know when they are visiting a financial
institution that adheres to the Safe2Bank guidelines. We plan to make
the scorecard criteria open to the public via the Safe2Bank website, but the
weightings, actual scores, and score cutoffs will remain confidential
(although participating financial institutions will receive a full copy of
their weighted scorecard and comments).


The guidelines are still in development, and we are looking for your
input. The first draft is listed on pages six and seven. To become
certified, financial institutions must achieve a yet-to-be-determined
minimum score across the 80 items. Financial institution will not have to
pass all 80 guidelines to become certified, although there may be certain
required items such as a visible privacy policy, secure password-reset
procedures, and so on. Certified financial institutions will have their
names, Web addresses, and contact info listed on the Safe2Bank website. They
also have the option of licensing the mark to display on their own websites
and marketing material  .

To become certified, financial institutions must answer a questionnaire
on their online banking features and processes (all questions related to
publicly available material). Answers will be verified by an SBI employee
and scored using the criteria in Table 2 . Each factor will be weighted, and
partial credit will be available on certain guidelines. The resulting score
and comments from the evaluator will be shared with the participating
financial institution. The audit deals only with publicly visible features
and processes: it is NOT a back office or network security audit like the
SAS 70 or other regulatory reviews.






*As we were going to press, another story ran on The NBC Nightly News
about $90,000 lost by a small business apparently aided with information
obtained from a personal computer (reference:



Table 1

Safe Banking Initiative Timetable

Dec 2004 Industry announcement
Q1 2005 Online scorecard criteria
  Certification applications
Q2 2005 Safe Banking Online audits
  First financial
institutions certified
  Safe2Bank Online public
awareness campaign launched
Q4 2005 Safe2Bank Online scorecard

Source: Online Banking Report, 12/14/04

Timing & Cost 

Financial institutions are encouraged to apply now for certification. The
first wave of certified financial institutions will be announced at the
launch of the consumer education campaign, currently slated for second
quarter 2005. Financial institutions will be certified in the order of
application, so the earlier you return the reservation form, the sooner
you’ll be eligible. The cost for the certification audit is $500 payable
with your reservation form (see enclosed). The fee is not refundable,
but those not passing may reapply within 12 months for half price.

Licensing the Safe2Bank logo

Financial institutions passing the S2BO audit will have the option of
licensing our Safe2Bank Online logo for inclusion on their websites
and marketing materials. Licensing cost will be no more than $1000 annually
during the launch period. Final pricing will be announced in first quarter

Consumer Awareness Campaign

As the certification process unfolds, we will initiate a far-reaching,
consumer-awareness campaign. Part of that effort will be to help each
certified bank make a splash in their home market. SBI will assist in
issuing a joint press release and will participate in other media events as
well. Online promotional efforts will also be used to raise awareness of the
Safe2Bank designation.

Reservation Form

We have enclosed a signup form with this newsletter. Receive one via
email by sending a request to


Organizational Structure

The SBI is a wholly owned division of Financial Innovations, publishers
of Online Banking Report since 1995. The managing director is Kate Schultz
who brings to SBI a long track record of organizational leadership in the
nonprofit sector along with 10 years of contributions to Online Banking
Report. All guidelines will be reviewed by an industry advisory board
(below) before being finalized.

SBI Advisory Board

We consider every OBR subscriber to be an unofficial SBI advisor. So
please provide your input on the S2BO scorecard and any other aspect of the
initiative. We are also assembling a more formal advisory panel from the
industry to review the criteria and submit comments. If you would like to be
on the official panel, please email
. The position is voluntary and unpaid with a
relatively small time commitment**
(no meetings!). Membership is limited with preference to financial
institution employees.


Although all the information obtained in the audit will be publicly
available, we understand the sensitivity of the industry to the threat of
hacking and leaks. Therefore, all audit results will be kept in
password-protected files on computers not connected to the Internet.

*Financial institutions are encouraged to obtain an opinion from their
compliance and legal staff on the ramifications and implied liabilities,
if any, of using the Safe2Bank logo.
**The time commitment should be no more than a few hours each quarter.


Safe2Bank Online Scorecard Beta Version 1.0

Table 2

Safe2Bank Online Scorecard

Source: Online Banking Report, 12/04

References: Security and Privacy Report, OBR 93/94


FraudEliminator – Online Security Toolbar

Because lack of trust and other security issues consistently rank first on the list of reasons why people don't bank online, we will continue to devote a seemingly inordinate amount of attention to this subject.

Fraudeliminator2That said, another new browser toolbar was recently released by FraudEliminator, LLC, a company founded just this year according to its website.

The toolbar is one of the better we've seen, combining excellent design with good functionality. Like eBay's toolbar, the FraudEliminator, monitors your and warns if a suspicious or flagged URL is entered in the address bar.

Fraudeliminator_toobar It's a good tool, but how does a user know that the FraudEliminator is not some malware in disguise? Unless the company spends millions educating the marketplace, this particular plugin will have trouble gaining a following.

However, if a bank were to partner with the program, releasing a co-branded or private-branded version, it could be a hit. The bank would provide the needed credibility while FraudEliminator LLC provided the technical expertise and support.


TowerGroup posts Realistic Estimate of Phishing Fraud Losses

Link: TowerGroup

The financial services analyst continues to weigh-in on the estimated losses due to phishing and identity theft, with the latter becoming a catch-all for all financial fraud. Estimates from the FTC, Gartner, and Javelin have run into the billions.

Many media outlets have jumped on these estimates and made the incorrect leap that the losses were due solely to online fraud and phishing. Now, much more slowly the story is emerging that the actual online portion of these fraud losses is much smaller. Some even argue that online banking has reduced the total amount of fraud since consumers are able to pay closer attention to their accounts.

TowerGroup‘s latest report on phishing losses pegs the 2004 loss at $140 million worldwide; or about $1 per online banking household. That’s still a big number, and one that seems a bit high in our view, but it’s far less than the billion-plus implied by Gartner earlier this year. It’s also much less than the $500 million figure (for US only) recently released by the Ponemon Institute in a study commissioned by NACHA and Truste.

So is the online channel a help or detriment to the age-old battle against crime? From a monetary perspective, we believe it’s been a net loss so far. As Tower pointed out, it’s not just the actual losses, financial institutions spend far more in prevention and detection than they lose to the crooks.

But long-term, we are absolutely convinced it will be a much safer environment for banking compared to the paper-intensive processes it replaces.

— JB,

Teller-Assisted Self-Service Platform : “Truly Automated Teller Machines”


Teller-assist terminals from Source Technologies could be deployed as a pod
around a human. This mock-up from the company’s website shows a relatively tight
arrangement. Initially, customers are likely to want a bit more privacy to feel
comfortable using the semi-self-service terminals.

 Teller-assist terminals can also be installed as standalone terminals
anywhere in a branch, or like traditional ATMs, in an off-site location.


Introducing The Safe Banking Initiative

Financial institutions must adopt new safeguards in 2005


We interrupt the regularly scheduled newsletter for an important bulletin: The industry1 MUST adopt stricter online authentication and monitoring tools or risk a damaging backlash against online banking and payments. To help spur innovation on the security front, we are launching a new effort called the Safe Banking Initiative, or SBI for short. We hope to create an Underwriters Lab (UL) type seal of approval for financial institutions to display on the websites and other marketing material.

BAI Retail Delivery 2004

On the way home from BAI’s Retail Delivery, I always try to reflect on the “themes” from this influential industry conference. This year it was all about integration: interbank (A2A) transfers integrated with bill payment; ATMs integrated with check processing; branches integrated with online banking; everything integrated with industrial strength CRM systems. 

My biggest aha! occurred at an unlikely spot. Normally, I skip the hardware displays with their legions of enthusiastic ATM salespeople, and head straight for the booths in the back where I always learn something from the online pioneers. This year my most memorable conversations were with Hill Ferguson, Melanie Flanigan, and the whole crew from Yodlee on the bus back to our hotel; Neil Platt and Sanjeev Dheer from CashEdge on the trade-show floor as they landed a major new bank account; and as always, catching up with long-time industry visionary Matt Lawlor from Online Resources.

But this year, thanks to an effective pitch from its Williams Mills rep, Jamie Stephenson, I found myself chatting with Miles Busby, founder of Source Technologies  about his vision of the future branch. Think airport check-in, circa 2004, where rows of touch-screen kiosks greet flyers, run them through the check-in process, and spit out boarding passes. One or two attendants assist with checked baggage and answer questions posed by perplexed travelers using self-service for the first time2.


1We’re referring specifically to U.S. banks; many major banks outside the U.S. have already added rigorous and highly effective authentication processes; one major bank familiar to us has only lost a few thousands dollars year-to-date. 

2Alaska Airlines, the first airline to offer kiosk check-in, then later Web-based check-in, is considering eliminating the ticket counter altogether, a concept it is testing in Anchorage.

A Real Automated Teller Machine

Fast-forward to the bank branch of 2007.  Customers walk in the door and head directly to teller row, no lines. After swiping an ATM card and entering a PIN at terminals built into the counter, customers feed paper checks directly into the deposit slot. Instantly an image of the check appears on screen along with the amount of the deposit. After confirming, the total is added to the customer’s balance, the original paper s check returned as a receipt, and any cash-back is dispensed from the machine. Finally, the human teller asks, “Did you get that double billing on your credit card resolved
Mr. Poddenstopper?”*

The machines can also handle other routine transactions: loan payments and other bills could be paid by feeding billing statements into the machine, then selecting the account to debit; funds could be transferred within the bank or to accounts outside the bank; money orders, cashiers checks, and prepaid cards could be created right from the machine. Machines could be even be equipped to handle merchants, accepting and dispensing cash and coin, payroll checks, and prepaid employee cash cards.

The beauty of all this, not counting the labor savings, which Busby said could pay for the equipment within a year, is that it all ties in nicely with online banking. Upon return to their home or office, branch self-service users will be greeted with an email summarizing the transactions with links to online banking to view images of any paper checks or statements scanned in the branch, and to take any action related to the in-branch transaction. It’s similar to the way the airline check-in process is spurring travelers to go online and check-in prior to the trip to the airport.

Paperless Banking

Another chord struck at Retail Delivery was the growing threat to consumer confidence in online banking, and by extension banking in general, due to the proliferation of spyware, worms, Trojans, fake messages, as well as the mixed messages from financial providers, the media, and government regulators. Jim Van Dyke, whose Javelin Strategy  consultancy is doing pioneering work in this area, presented not one but two sessions on paperless banking. He looked at 44 criteria at 39 leading banks, determining that BofA, Wells Fargo, E*Trade, and Zions had the best total safety rating .

That’s great information on those 40 banks, but what about the other 20,000 U.S. financial institutions? How do consumers determine if they are dealing with a “best practices” bank or credit union? Not to beat our own drum too loudly, but we hope our Safe2Bank certification will go a long way in educating, and, more importantly, reassuring consumers and the media about real fraud threats, both on and offline.                                                                                       


Jim Bruene, Editor & Founder,

*As soon as Mr. P swiped his card, his name, account history, and recent service issues instantly appeared on a screen visible only to the human teller. The customer record could also be enhanced with family names, pronunciations, and even the occasional cross-sell prompt. While this teller-automation technology has been available for years, the typical teller is too busy handling transactions to really converse with the customer

Gold Credit Report Package from Equifax

If you are looking for ideas on how to create a steady stream of fee income from your online presence, look at how the credit report marketers have continued to command premium prices even as the government mandates annual free credit report access.

We like Equifax ‘s approach. A laundry-list of features and benefits divided into a GOLD and SILVER offering. Gold, at $100 per year provides little more than Silver at $50 per year, but with a 30-day free trial, why not give it a try. Cleverly, the cheaper Silver plan does NOT have a free trial period. Many consumers will check out the Gold and never remember or bother to switch back to Silver.

By the way, we first heard about this offering through a banner ad on eBay in June.

Easy Anti-Phishing Defense for Banks


With phishing reaching epidemic proportions (see chart), you need to look for ways to reinforce the authenticity of your website. Few banks have adopted one of the simplest trust building tools: greeting customers by name. This is simple to do through site registration and cookies. Online retailers have been doing this for years, it's time banks jumped on the bandwagon. Once registered, when accessing your website, either through an email link or via direct surfing, users will know they've come to the right place.

For more information on anti-phishing defenses, read OBR 102, No Phishing: Enlisting users in your battle against fake emails

U.S. Bancorp’s Stingy Email Storage

Usually we discuss innovations, this is an exception. We’ll call this a non-innovation, non-ovation for short.

In a time where all the huge Web-based email providers, led by Google’s free 1 GB of storage, U.S. Bank decides to delete emails sitting in customer in-boxes (within their online banking platform) after just 30 days. This includes estatement notifications.

Assuming the average customer gets one message per month, and each message is 2k in length, that saves about 20k in storage costs per customer, compared to keeping the messages for one year. Assuming the marginal cost for disk space is $10 per GB, that policy change will save an awesome 2 one-hundredths of a cent per customer per year, or $200 per 1 million customers.

Extensive online archive space is one of the biggest benefits of banking online. Don’t be pinch pennies on one of the lowest-cost aspects of your online Usually we discuss innovations, this is an exception. We’ll call this a non-innovation, nonovation for short.

In a time where all the huge Web-based email providers, led by Google’s free 1 GB of storage, U.S. Bank decides to delete emails sitting in customer in-boxes (within their online banking platform) after just 30 days. This includes estatement notifications.

Assuming the average customer gets one message per month, and each message is 2k in length, that saves about 20k in storage costs per customer. Assuming the marginal cost for disk space is $10 per GB, that policy change will save an awesome 2 one-hundredths of a cent per customer per year, or $2,000 per 1 million customers.

Extensive online archive space is one of the biggest benefits of banking online. Don’t be pinch pennies on one of the lowest-cost aspects of your online presence.


The full text of the message is repeated below:

Date: 09/14/04
To: Jim Bruene
From: U.S. Bank

Subject: Messages now refreshed after 30 days

In an effort to populate the message center with current information, all messages, including ones related to online statements, will be deleted after 30 days. However, online statements will continue to be available for up to 90 days and can be accessed in the Recent Statement area at the top and bottom of each account Transaction History page. Online statement customers will continue to receive a message in the Message Center when a new statement is available.

If you’d like to learn more about the future of online bank messaging, check out the Online Banking & Bill Pay Forecast: Current, future and historical usage: 1994 to 2016 from our sister publication, The Online Banking Report.

ComputerWorld Op-Ed on Phishing

Phishy e-mails and Web sites: What’s your responsibility? – Computerworld

Larry Ponemon, founder of the Ponemon Institutute, and new IT ethics columnist for ComputerWorld, writes about phishing this week.

His accout is unusual in the detail. His company surveyed 411 customers of a major retail bank that claimed to have clicked on a phishing email in May 2004 and who contacted the bank’s customer service department seeking help. Of the sample, 65 (16%) provided account details in the scam. Of those, 5 (8% of 65) reported account losses totally $50,000. Doing the math, that means a little more than 1% of those clicking on the fake email lost money, averaging $10,000 per loss, or $120 per customer who clicked. Pretty good money for the crooks if you don’t get caught.

More interesting is that 310 (75%) felt that the bank’s service reps were unprepared to deal with the problem. Nearly 60% of the total sample, a whopping 243 customers, said they would close their accounts at the bank. Even if just a quarter followed through, that’s 61 lost customers (15% of 411). Assuming each customer represents a NPV of $1000 to the bank, that’s another $60,000 in losses, bringing the total to more than $100,000.

Dr. Ponemon closes with five ideas for fixing the problem.

If you have been trying to convince senior managment to approve funding of additional security measures, by all means forward this article to them.

GeoTrust’s TrustWatch Toolbar

There’s a reason why everyone and their uncle are offering toolbar’s that
plug-in to Internet Explorer. They are a convenience to customers and a
tremendous branding opportunity. The latest entrant from GeoTrust’s TrustWwatch
unit: a privacy toolbar. It’s similar to Ebay’s Account Guard function with a
green light for “verified” websites, yellow for “not verified,” and red for
“warning,” websites on their black list. If you are working on a bank-branded
toolbar (see OBR 85), consider licensing this functionality from GeoTrust
 Also, if you haven’t already done so, make sure your website is verified by
submitting it to one of the trusted third party certification authorities such
as Entrust, Betrusted, or GeoTrust.