What's being done - banks
Banks use a combination of safeguards to protect your information such as employee training, privacy policies, security and encryption systems. They have systems in place to constantly monitor transactions and if a transaction is identified as suspicious, it will be investigated to ensure there is no breach of security. Occasionally, this may involve a bank staff member contacting you to verify a transaction.
Bank customers protected from loss in genuine fraud cases. Account holders are not liable for losses resulting from unauthorised transactions where it is clear that user has not contributed to the loss. There is usually an investigation by the bank to determine how the fraud has occurred.
Banks are continuing to seek out security enhancements especially for online banking such as an on-screen keypad which is designed to prevent the incidence of keystroke logging fraud by removing the need for a keyboard to enter in passwords.
Others are offering what’s called two-factor authentication. An example of one factor authentication is the use of a password to enable access to Internet banking.
Two-factor authentication requires two independent authentication steps for a customer to access Internet banking. Customers will authenticate their identity and access to the system twice, first with something they know and then with something they have.
There are several ways that two factor authentication can be offered to the customer. It can be completed through a SMS payment security service, which sends a unique code via SMS to a customer's mobile phone to authorise online payments. Customers have already logged on to Internet banking using a password and then need to enter the SMS code before they can finalise the online payment.
Two factor authentication can also be offered through a device known as a security token that looks like a pager. It is a device issued as a credential. A token is likely to include security features that render it difficult to forge, and tying it in some manner with the particular entity – in this case the bank that issues it. To log on to Internet banking the customer uses their password and then the number generated by the token, which is then keyed in at the desktop to enable access to an Internet banking session.