By Martin H. Bosworth
ConsumerAffairs.com
September 26, 2006
Bank of America, JP Morgan Chase, and Washington Mutual get top grades in a report that rates banks for their efforts to prevent identity theft.
The Javelin Strategy and Research firm evaluated 24 major banks, comprising 60 percent of the American financial market, and tested each bank's responses for offering passwords, logging into online accounts, and so on. Bank of America topped the list because of its adoption of "two-factor" authentication.
"Two-factor" authentication uses additional measures for online access, such as identifying a specific picture the accountholder would recognize, or answering a particular password question.
The FDIC recommended last year that all major financial institutions implement programs to improve online banking security, such as the usage of security tokens, two-factor authentication, multiple passwords, and so on. The FDIC mandated better security compliance by the end of 2006.
Although the top-rated banks received glowing recommendations for their security improvements, many still suffer data losses and breaches with disturbing regularity.
JP Morgan Chase's credit card division, Chase Card Services, recently confessed to the loss of 2.6 million customer records belonging to Circuit City credit card holders. The records were mistakenly taken to a landfill and buried.
Bank of America endured multiple data breaches in 2005, including the loss of data tapes for 145,000 government and military cardholders.
Many of the bank's personnel were implicated in a scheme to sell customer records to collection agencies, and the bank later lost a laptop containing personal information for teenage customers of the bank's discontinued "Visa Buxx" program.
The Privacy Rights Clearinghouse keeps a regular tally of identity theft and data breach incidents, and currently shows 94 million customer records have been lost, exposed, or stolen by third parties since February 2005.
It was in February 2005 that ChoicePoint notified the public about the sale of 145,000 of its customer records to Nigerian identity thieves, which triggered the flood of stories relating to data breaches, laptop thefts and outside hacks of personal information.
Although ChoicePoint was fined $15 million by the FTC as a settlement for the breach, the FTC has yet to disburse the money it received from the settlement to any of the victims.
