Gmail’s Security Improvement—Lessons for Banks from the Email World?

Ed Kountz | July 10, 2008, 08:00 AM

Google this week introduced an interesting email security enhancement, which is worth a second look, as financial services firms seek online security elements that go beyond those introduced in response to FFIEC guidelines in 2006.

Since the FFIEC announced that the long-standard UID/ PW combination would no longer be enough to secure sensitive banking transactions in October 2005, leading banks have adopted a variety of options to increase login security. These vary greatly...from the continuing use of SiteKey (and now one-time codes delivered to mobile devices, for opt-in customers) at BofA, to the User ID, PassWord, Virtual Keyboard/ Second Password option in use at HSBC.

But what's been lacking...and what the Google tool cleverly addresses, is essentially a higher level of security control.

The tool allows Gmail users to view when activity last occurred within their Gmail account, and to see if an account is still open in one location when a consumer is in another.

LINK

The tool allows consumers greater control over a higher dimension of online security, enabling remote monitoring (and monitoring from multiple PCs), as well as greater session control. While a small feature, it is worth the review of FS firms, and others seeking to offer consumers greater remote control and auditability of recent activity.

While a significant portion of online consumers report feeling safe accessing their bank account online—as distinct from other online activities, where regular readers know that concerns about data security remain highly prevalent—JR data also show that many consumers say they are not wedded to existing log-in processes, and would make (reasonable) changes if the result is increased online security. Upcoming JR research will consider this issue at more length.