Fed by media reports, often wrongly implicating online banking in fraud
problems the public is becoming exasperated with the growing assault on
their computing. Spyware, adware, spam, viruses, worms and phishing are
enough to drive consumers back to that comfortable spot on the couch where
all they have to worry about is what show’s on next.*
At Online Banking Report, we’ve watched the growing backlash with great
concern. Although we’ve written about it, we want to do more. We’ve been
telling reporters for years that overall online banking is safer than
the paper processes it replaces. To get that message out to a broader
cross-section of consumers, we are launching the Safe Banking Initiative
(SBI) to foster education and awareness of safe online banking practices
within the industry and to educate the marketplace, especially the media, as
to the real risks of various banking and payment options, both online and
off. Its business model will be similar to the Underwriter’s Lab in
the electrical appliance field. The SBI website (under construction) will
contain educational information along with a database of certified banks.
Safe2Bank Online (S2BO) Certification
One of the first efforts will be the deployment of the Safe2Bank
Online Certification program that will allow regulated financial
institutions to apply for a safe banking logo that can be displayed on their
websites. The idea is help consumers know when they are visiting a financial
institution that adheres to the Safe2Bank guidelines. We plan to make
the scorecard criteria open to the public via the Safe2Bank website, but the
weightings, actual scores, and score cutoffs will remain confidential
(although participating financial institutions will receive a full copy of
their weighted scorecard and comments).
The guidelines are still in development, and we are looking for your
input. The first draft is listed on pages six and seven. To become
certified, financial institutions must achieve a yet-to-be-determined
minimum score across the 80 items. Financial institution will not have to
pass all 80 guidelines to become certified, although there may be certain
required items such as a visible privacy policy, secure password-reset
procedures, and so on. Certified financial institutions will have their
names, Web addresses, and contact info listed on the Safe2Bank website. They
also have the option of licensing the mark to display on their own websites
and marketing material .
To become certified, financial institutions must answer a questionnaire
on their online banking features and processes (all questions related to
publicly available material). Answers will be verified by an SBI employee
and scored using the criteria in Table 2 . Each factor will be weighted, and
partial credit will be available on certain guidelines. The resulting score
and comments from the evaluator will be shared with the participating
financial institution. The audit deals only with publicly visible features
and processes: it is NOT a back office or network security audit like the
SAS 70 or other regulatory reviews.
*As we were going to press, another story ran on The NBC Nightly News
about $90,000 lost by a small business apparently aided with information
obtained from a personal computer (reference:
msnbc.msn.com/id/6713753).
|
Table 1 Safe Banking Initiative Timetable
Source: Online Banking Report, 12/14/04 |
Timing & Cost
Financial institutions are encouraged to apply now for certification. The
first wave of certified financial institutions will be announced at the
launch of the consumer education campaign, currently slated for second
quarter 2005. Financial institutions will be certified in the order of
application, so the earlier you return the reservation form, the sooner
you’ll be eligible. The cost for the certification audit is $500 payable
with your reservation form (see enclosed). The fee is not refundable,
but those not passing may reapply within 12 months for half price.
Licensing the Safe2Bank logo
Financial institutions passing the S2BO audit will have the option of
licensing our Safe2Bank Online logo for inclusion on their websites
and marketing materials. Licensing cost will be no more than $1000 annually
during the launch period. Final pricing will be announced in first quarter
2004.
Consumer Awareness Campaign
As the certification process unfolds, we will initiate a far-reaching,
consumer-awareness campaign. Part of that effort will be to help each
certified bank make a splash in their home market. SBI will assist in
issuing a joint press release and will participate in other media events as
well. Online promotional efforts will also be used to raise awareness of the
Safe2Bank designation.
Reservation Form
We have enclosed a signup form with this newsletter. Receive one via
email by sending a request to
anita@onlinebankingreport.com
Organizational Structure
The SBI is a wholly owned division of Financial Innovations, publishers
of Online Banking Report since 1995. The managing director is Kate Schultz
who brings to SBI a long track record of organizational leadership in the
nonprofit sector along with 10 years of contributions to Online Banking
Report. All guidelines will be reviewed by an industry advisory board
(below) before being finalized.
SBI Advisory Board
We consider every OBR subscriber to be an unofficial SBI advisor. So
please provide your input on the S2BO scorecard and any other aspect of the
initiative. We are also assembling a more formal advisory panel from the
industry to review the criteria and submit comments. If you would like to be
on the official panel, please email
kate@netbanker.com . The position is voluntary and unpaid with a
relatively small time commitment**
(no meetings!). Membership is limited with preference to financial
institution employees.
Confidentiality
Although all the information obtained in the audit will be publicly
available, we understand the sensitivity of the industry to the threat of
hacking and leaks. Therefore, all audit results will be kept in
password-protected files on computers not connected to the Internet.
*Financial institutions are encouraged to obtain an opinion from their
compliance and legal staff on the ramifications and implied liabilities,
if any, of using the Safe2Bank logo.
**The time commitment should be no more than a few hours each quarter.
Safe2Bank Online Scorecard Beta Version 1.0
Table 2
Safe2Bank Online Scorecard
Source: Online Banking Report, 12/04
References: Security and Privacy Report, OBR 93/94