By Hiawatha Bray, Globe Staff | December 29, 2006
People who do their online banking with Cambridge Savings Bank will
find it a little harder to log on in the New Year. But bank
executives don't think the customers will mind. It's for their own
good -- and besides, it's the law.
A federal regulation mandating tougher online financial security
measures will take effect Monday. Banks, credit unions, and other
financial institutions must begin using enhanced technologies to
protect customer data against identity theft. Many of the nation's
biggest banks, including Bank of America, have already introduced
"multi factor" authentication systems that go well beyond the
traditional user name and password approach to prevent Internet
fraud. Other smaller banks, which buy their online banking services
from independent contractors, are scrambling to meet the coming
Mark Tracy, senior vice president of back technology and operations
at Cambridge Savings, said his company has been testing its new
authentication system for the past two months, with help from
customers who've agreed to try it. "It's been pretty successful so
far," said Tracy. "In January, we'll be making it mandatory."
Cambridge Savings customers will receive a user name and password when
they sign up for the service. In addition, the first time a customer
uses his home or work computer to do some banking, the machine is
given a unique digital "fingerprint" associated with the customer's
password. Whenever he banks with that computer, the bank software
checks his user name, password, and computer fingerprint before
processing the transaction.
If someone tries to log in from a machine that isn't fingerprinted,
the bank will send a confirmation message to the customer's e-mail
address. A crook who's stolen somebody's user name and password
probably won't have access to the victim's e-mail account, so he can't
reply to the message, and won't be allowed to log in.