Zions Bank secures Web banking with RSA's two-factor authentication
20 July 2006 | 2667 views | 0
Source: Zions Bank
Zions Bank, a subsidiary of Zions Bancorporation (Nasdaq: ZION), announced today enhanced identity theft protection for clients using Internet Banking.
By introducing the new feature, called SecurEntry, Zions becomes the first Utah bank to offer two-factor client authentication. The Federal Financial Institutions Examination Council (FFIEC) has issued guidance for all national banks to offer enhanced authentication strength by year-end 2006.
"As online fraud has grown more sophisticated, Zions Bank has recognized the critical importance of assuring our customers that they can conduct online transactions anytime and anywhere, without worrying about the security and integrity of Zions Internet Banking," said Lee Carter, director of Zions Internet Banking. "Our new SecurEntry feature means we bring an even higher level of protection against fraud and identity theft to our valued clients."
Zions Bank's SecurEntry feature uses RSA Security technology. It comes at no additional cost to Zions Internet Banking clients, and does not require special hardware or software.
Customers will continue to access their accounts using their current login ID and password. They will also be asked to set up their personalized SecurEntry. First, they will select from a library of images - ranging from a photo of a Labrador puppy to a sketch of pansies - and will create a corresponding caption, both known only to the Internet Banking client. After setup, users will see their secret picture and phrase each time they log in so that they can rest assured they are accessing Zions Internet Banking, rather than an imposter site.
Because most users access their accounts from one or two computers (i.e., machines at home or work), SecurEntry will remember their computers using standard secure cookies. In the event that a customer needs to log in from a different computer, SecurEntry will ask "challenge questions" to further verify the client's identity. When setting up their personalized SecurEntry, clients will select three challenge questions and provide the answers known only to them. For example, they may choose the question: "In what city did you take your honeymoon?" When logging in to their accounts using unfamiliar computers, users must provide the correct answer to the randomly selected challenge question before accessing their account information.
Initial SecurEntry setup will take just a few minutes for clients. Thereafter, time spent logging in to accounts should be comparable to the time spent prior to the addition of SecurEntry features. The result is two-way security, authenticating the bank's Web site to its customers and vice versa.
Not only does SecurEntry provide a higher level of security for Zions Bank customers, it also allows the bank to use risk management and transaction analysis tools to identify potentially fraudulent activities. The result is end-to-end protection for financial institutions and their customers against phishing, spoofing, keyboard logging and other fraudulent attacks.
Zions Bank's SecurEntry feature meets guidelines outlined by the FFIEC's Authentication in an Internet Banking Environment, released in October 2005. Advising national banks to conform to its guidance by year-end 2006, the FFIEC issued the recommendation to reflect changes in protection of customer information, increased incidence of identity theft and fraud, and the introduction of improved technologies and other risk-mitigation strategies.