The Truth about ID Theft from Javelin Strategy

Judging by media reports, almost everyone in the civilized world has lost their identity to cyber-criminals. But while there has been an unending torrent of news about data breaches and related identity thefts, the damage has been much less drastic than that, says a study from Javelin Strategy & Research.

“The impression in the general public is that identity fraud is spiraling out of control, but what we came away with is the contrary; the growth [in the phenomenon] has been contained,” says Rubina Johannes, the Javelin research analyst who wrote the report.

Continue reading “The Truth about ID Theft from Javelin Strategy”

Bank of America’s “Keep the Change” Banner on MSN

Bofa_msn_homepageAlthough we have concerns about the underlying program (see NetBanker Oct. 5, 2005), you have to tip your hat to the marketing execution of Bank of America’s Keep the Change campaign. Today a small but distinctive postage-stamp ad on MSN’s homepage, tied in with MSN Money headlines (see inset), invites readers to "Open a Checking Account and Keep the Change."

Bofa_msn_landingpageIt’s an intriguing headline and likely does well prompting clickthroughs. The landing page (click on inset right for a closeup) is also well done. A graphical explanation of the keep-the-change rebate is shown on the right, which helps alleviate the need for prospects to wade through the 479 words of fine print on the bottom of the landing page.

Another landing-page graphical element that you should immediately consider adopting: pictures of the three key banking products being pitched with simple checkboxes for selection (see below). However, in this case it’s used in a backwards fashion. Users are supposed to tell the bank which accounts they already have, rather than the ones they want to buy. This is counter-intuitive and should be redesigned.

Bofa_msn_landingpage_orderform_5

Bofa_msn_ddasav_appAfter selecting the BofA accounts already owned, users arrive on a secure Checking & Savings Account Application page that does a good job reinforcing benefits and referencing the original "Keep the Change" hook (click on inset left). A pop-up box offers live chat with a Deposit Specialist if desired.

Summary
The bank scores high for great online copywriting, superb graphics, and good ad positioning at MSN. We also like how Bank of America reinforces the benefits of automated savings. However, the offer is complicated and smacks of a gimmick that will do little to engender long-term loyalty or create a real savings ethic. Finally, the low 0.50 percent rate paid on the underlying savings account damages the program’s credibility and makes it less likely the account will be used to amass meaningful deposit balances.

Grades:
A+ for online advertising and sales (banner, landing page, application)
B+ for encouraging savings
C- for the debit card rewards program

Data Security Standards Set by Major Financial Institutions

A consortium of six major banks and the country’s largest accounting firms said Wednesday that they were setting uniform computer-security standards, designed to ensure that the third-party computer providers they do business with are adequately protecting both their computer systems and the information those financial firms send them.

“This is good news,” says Avivah Litan, vice president and research director of Gartner Inc. “I don’t think it goes far enough, but it’s smart for them [the institutions] to do it in steps, if that’s what they’re doing. But they need to do it beyond the service providers. They need to do it themselves”

Continue reading “Data Security Standards Set by Major Financial Institutions”

Fox leaving FinCEN for Bank of America

The Financial Crimes Enforcement Network (FinCEN) said today that William J. Fox, its director since Dec. 2003, is leaving to become senior compliance executive for compliance risk management at Bank of America (BofA). Fox starts at BofA on Feb. 21; he’ll be replaced as director by Deputy Director William F. Baity, effective February 4.

Continue reading “Fox leaving FinCEN for Bank of America”

Bank Alert Welcome Message

Bofa_alertwelcome_emailWhenever online banking users make changes to their account preferences, you should confirm with an email. It not only shows you are paying attention, but also provides customers the peace of mind that they accomplished the intended task.

Today we changed one of our account alerts at Bank of America <bankamerica.com>. Within a few minutes, we received this attractive email (see inset). However, you can tell that this particular message was crafted in the pre-phishing days, as evidenced by the old 2004 copyright date (lower left corner), the old 2000-2004 Olympic sponsor logo in the lower right, and hyperlinks back to the log-in page.

Action Items

  1. For better authenticity, include a personalized greeting, shared secret, or truncated account info in your message.
  2. Do not include hyperlinks back to the bank on routine, non-personalized messages.
  3. Update all messages at least annually so they don’t carry outdated corporate branding and/or copyright dates.

JB

Bank of America’s New Security Toolbar

Bofa_toolbar_closeupBank of America launched a co-branded version of Earthlink’s toolbar designed to prevent users from surfing to fraudulent websites. Of note is its official name, Bank of America Toolbar Powered by Earthlink. It’s highly unusual for a bank, especially the largest consumer bank in the country, to give a partner such high billing. Our guess, although unconfirmed, is that Earthlink is paying the bank for the product placement.

In a similar manner to eBay’s toolbar released in 2002, the BofA/Earthlink version uses red, green, and yellow lights to indicate whether a website is known to be safe (green), known to be fraudulent (red), or unknown Bofa_homepage(yellow). A popup blocker is also included. The toolbar is free and can be downloaded by any Internet Explorer for Windows user, you do not have to be a customer of the bank or Earthlink. According to Earthlink, a Mac version will be available soon. The toolbar does not work in other browsers.

The toolbar was announced in a press release today, and is accessible from a small link on the right of the homepage (click on inset for a closeup).

Analysis
Bank of America’s toolbar is the first of what we expect to be a major source of differentiation during the next five years: the branded desktop presence (see OBR 85, for more information). The Scamblocker toolbar is a relatively low-tech entry into the space. More sophisticated offerings, such as Southwest Airlines Ding (NetBanker, 5 Dec), are on the way later this year, if not at BofA, then at its U.S. competitors.

JB

Bank of America’s Unusual Automated Savings Plan

Bankamerica_keepthechange_graphic_1We’re not sure whether this is incredibly brilliant or insanely stupid, but Bank of America gets high marks for creativity with its latest debit card enhancement. The bank’s "Keep the Change" program allows debit card users to round up their purchase transactions to the nearest dollar, with the difference added to a savings account automatically.

To give it a bit more excitement, BofA will add a 5% bonus to each savings deposit. Since the average round-up amount is 50 cents, the bonus costs the bank just 2.5 cents per transaction, a very cost effective incentive program, if it works.

To kick things off, Bank of America will match the round-up amount 100% for the first 3 months. That will be like giving everyone a 50-cent discount on each transaction. That should spur signups for the program.  Bankamerica_keepthechange_math

Analysis
The overall concept of automatic or forced savings is excellent. The bank’s press release tosses out stats on the recent negative savings rate and quotes David Bach, the relatively well-known author of "The Automatic Millionaire," a best-selling book that espouses automated investing.

The webpage touting the program is attractive and well written. There are few items in the fine print that users will find potentially disturbing:

  1. You must visit a branch to enroll (ouch!)
  2. The savings account pays just 0.50% and will likely have a service charge unless a minimum balance is maintained (e.g., $300 minimum for Regular Savings)
  3. The savings account has a $100 minimum opening balance requirement
  4. The bank’s contribution will be made annually, and only if you keep your account open for a year

But despite the fine print landmines, we like how "Keep the Change" introduces consumers to the concept of automatic savings and helps them store away a few bucks a month. However, most people need more than nickels and dimes going into their savings account. To be more effective, this program needs an easy way for consumers to add to their savings amount beyond the monthly debit card cash.

For example, a month-end email detailing the total debit card change deposited could include a mechanism that allows users to designate an additional amount to be transferred into their savings account.

We don’t expect anyone else to copy this program, so it gives BofA a unique selling point for their checking accounts and debit cards. It should make a little money for the bank from increased debit usage and savings account growth, and it will give users a few extra dollars at the end of the year, so what’s the harm. But if you are truly interested in spurring automatic savings among your customers, there are more straightforward approaches that should be equally effective and far less complicated (see Online Banking Report, 120/121 for more on automatic savings).

Ref: Screenshot of Bank of America’s Keep the Change page on 5 Oct 2005

JB

Update: Bank of America’s SiteKey Goes Live in Tennessee

Sitekey_coming_soonBank of America issued a press release saying that it went live today in Tennessee with its OBR Best-of-the-Web-winning multi-factor authentication system. However, a search of the bank's website, using Tennessee as our state, found no mention other than the "coming soon" paragraph that's been posted for the past several weeks (click on inset to read).  

">Read our previous article.

–JB

 

Bank of America Unveils Multi-Factor Security for Consumer Accounts

Obr_bestofwebBank of America wins the race to be the first with a viable plan to secure consumer online banking accounts. In an announcement today, it becomes the first major U.S. bank to endorse multi-factor authentication for consumers at login.*

The system, already in use at Stanford Federal Credit Union, is called SiteKey. The clever approach from Bill Harris’s PassMark Security provides several layers of security to defeat phishing and keylogging attacks. The company calls it two-way two-factor authentication because not only does the end-user authenticate themselves to the bank, the bank authenticates itself to the user to defeat phishing schemes.

Here’s how it works (click on inset below for BofA page):

  1. User provides username
  2. BofA verifies that the login request is coming from the user’s previously registered computer; if NOT, user must successfully answer a challenge question based on previously registered shared secrets
  3. After passing steps 1 and 2, the user is shown their previously selected image, so they know they are logging into the true BofA server
  4. User enters their password

The service launches in mid-June in Tennessee with full roll-out by the end of the year.

Bofa_sitekeyAnalysis
Even though it’s long overdue, we applaud Bank of America for moving the industry forward. While the program won’t be available system-wide until year-end, we’re giving it an Online Banking Report "Best of the Web" now because it’s the biggest development in U.S. online banking for several years.

The BofA/Passmark system is ingenious for several reasons:

  • Unless a user logs in from a new computer, there is little extra work involved; just a two-step login with username, followed by the password
  • Requires no hardware or out-of-channel coordination by the end-user; shouldn’t cause a major increase in customer service expense
  • Defeats phishing by displaying a personal image prior to asking for password
  • Defeats keylogging with the rotating challenge question

If you are at one of the other 15,000 financial institutions in the United States, the clock is now ticking. As your customers find out they are not among the 13+ million consumers (BofA’s current online base) receiving extra protection, they will be demanding the same from you. And if you thought BofA was aggressive in its free bill pay promotion, wait until you see the marketing blitz on this one. Extra authentication simply MUST BE in your 2006 plans.

JB

*For several years, ING Direct has asked for a third bit of info at login, but the necessary info is relatively easy to obtain (for example, zip code). Also, earlier this year, E*Trade launched security tokens for its high-rollers. But BofA is the first with a broad, secure, and non-hardware-based approach.

Bank of America Tops One Billion Online Sessions Annnually

Also at the Net.Finance conference today, Linda Worrell from Bank of America reported that its online channel handles more volume than the call center and ATM network combined.

Here’s the breakdown:

13.1 million active online banking customers login in to their accounts an average of 10 times per month. That’s 130 million sessions monthly, or 1.6 billion annually.

In comparison:

  • the call center handles 825 million calls annually
  • the 16,000-machine ATM network processes 840 million transactions
  • its 5,800 branches handle 600 million

JB

If you’d like to learn more about the future of online banking, check out the Online Banking & Bill Pay Forecast: Current, future and historical usage: 1994 to 2016 from our sister publication, The Online Banking Report.

Starbucks gets Creative with Prepaid Cards

Email_starbucks_cardWhen it comes to stored value cards, Starbucks is the one to watch. It’s most recent innovation: a Mother’s Day "card" with a place on the plastic where you can jot a quick note to mom (see close-up below).

Don’t you wish you would have thought of that?

The Starbucks stored value card, first introduced in 2001, is just now being positioned as a collectible. Stores in the Northwestern United States and in Japan are selling a sealed $10 prepaid card carrying the likeness of popular Mariner baseball player Ichiro Suzuki. The cards are also sold online at Starbucks.com.

AnalysisStarbucks_ichiro_card
We believe stored value gift and travel cards are a natural for online banking. They provide an interesting retail element unavailable with most banking products.

The Starbucks email (click on the thumbnail above) is a good example. What bank product would have worked so well in a Mother’s Day promo?

In additio to their marketing benefits, prepaid cards command fees and can be profitable; no small matter in the United States, the land of free online banking and bill pay. 

Starbuck_mothers_day_card_1Ironically, Bank of America recently dropped out of the retail prepaid card business, most likely due to increased state rules and regulations on dormant account fees, one of the primary profit drivers for banks.

Don’t let BofA’s move worry you. Just be thankful there are now 12 million more potential customers for the rest of the industry to share.

JB