Question

Describe some of the security features your bank uses to safeguard your account(s). Do you feel that your account(s) are safe? Why or why not?

Answer 1

Some of the security features that a bank generally uses to secure customers accounts are explained below--

ENCRYPTION

Encryption scrambles data you exchange online and reassembles it using “keys” that make it readable. Look for a web address that starts with “HTTPS” rather than “HTTP” — HTTPS is the secure version of HTTP and this part of the web address indicates that all communications between your browser and the website are encrypted.

Then, look for an icon or picture of a closed padlock before the bank’s name in the address bar. The bank’s name typically precedes its web address.

Digital Certificates

A Secure Sockets Layer, referred to as an SSL certificate or digital certificate, authenticates the website. This process is called “third-party validation” or “third-party verification” because it’s implemented by outside companies such as Entrust and Verisign. TD Bank, for example, uses a certificate type called Transport Layer Security.

Some bank websites, such as Bank of America’s, display the bank name in a green-shaded bar displayed immediately before the web address in your browser’s address bar. This green shading indicates the site uses a third-party Extended Validation or EV certificate.

Authentication

Authentication verifies the identities of the bank’s website and the user, so that each side knows the other is legitimate. Banks use a variety of features to authenticate your password.

Woodforest National Bank, for example, offers a mobile authentication app customers use in place of security questions. The bank also verifies authenticity via text and login challenges requiring customers to take an additional step to verify their identities.

Axis Bank employs a one-time password, or OTP, for certain transactions. Customers begin a transaction using a registered mobile device or email account. When prompted, they enter the OTP to access the account. The OTP expires after 30 minutes.

Biometric authorization identifies individuals by physical features. Examples of this technology include fingerprints, voiceprints, iris scan and facial recognition. Their accuracy stems from the fact that none of these features is exactly the same in two different individuals, making biometrics an effective tool for fraud protection.

USAA customers can use fingerprints, face or voice for secure access from a mobile device. The user employs facial recognition by taking a selfie or uses voice recognition by recording a phrase provided by the bank’s system. Touch ID uses the customer’s fingerprint to verify identity.

TD Bank customers can enroll in TD VoicePrint. The bank’s software captures the customer’s voiceprint during an enrollment conversation with a customer service representative. The voiceprint is securely stored, and the customer can use it to bypass security questions during login.

TD Bank and Woodforest National Bank are two examples of financial institutions that use two-step authentication, also referred to as multi-factor authentication, to improve security. Customers are guided through a multi-step password-verification process, such as entering a single-use code the bank’s system sends to the user’s mobile device after the user enters a password.

Secure Messaging

Secure messaging provides a safe means of communication with your bank and protects you against phishing and other scams. The scammers send you an email that looks like your bank’s, in attempt to persuade you to divulge sensitive information when you respond to the fake mail.

PNC Bank offers secure email in addition to several other communication options on its customer service page. Wells Fargo has a customer service link at the top of each page that takes users to a page with access to secure email.

Limited Login Attempts

If you’ve ever entered your password incorrectly, you may have seen a warning that too many attempts might cause your account to be locked. This is your bank’s way of preventing a brute-force attack. A brute-force attack is one in which hackers try to get into a system by making repeated attempts using a variety of password combinations. Limited login attempts reduce the risk of a brute-force attack by locking users out after a small number of incorrect password entries.

Farmers Savings Bank, for example, allows three attempts. After that, customers must reset their passwords by calling customer service or by making the request online and verifying it via email. Landmark National Bank also limits users to three attempts before locking access to the account.

Fraud Alerts

Monitoring customer accounts for signs of unusual activity serves as an important asset protection tool because it helps banks catch fraudulent and unauthorized use quickly. The banks use fraud alerts to notify customers that their accounts might have been compromised.

Citi customers can receive their alerts via email, postal mail, phone or text. United Bank customers can download the “UBAlerts” app or receive alerts by text, phone or email, and PNC Bank has a security alert program that sends notifications via text or email. None of these banks charges for fraud alert services.

Fraud Protection Software

Fraud protection software supplements your anti-virus program to protect you against fraud. An example of this software is Trusteer, which financial institutions such as Bank of America and Woodforest National Bank make available as a free download. The software runs in the background and alerts you to such cyberthreats as phony bank websites, phishing and keylogging schemes — a scammer tracks the keys you hit on your keyboard without your knowledge. Trusteer updates automatically, so you don’t need to think about it once it’s installed.

Yes i do feel safe about my account in bank as my bank allows me to do transactions with a 6 digit pin which is unique for every transactions and that pin is recieved to my registered mobile number only while doing transactions so... it protects from fraud transactions .