Several small banks are launching heightened security programs this month to try to thwart identity theft and make customers feel more comfortable with online transactions.
West Chester, Pa.-based Stonebridge Bank and Corpus Christi, Texas-based American Bank are among the financial companies rolling out an optional program that relies on RSA Security Inc.'s "strong authentication" tokens, battery-powered devices that display a different 6-digit password every 60 seconds. To conduct online transactions, the customer must enter the random number on the display, as well as a user name and password.
The program is similar to an optional log-in service America Online and other financial services companies have introduced in recent months.
So-called multi-factor authentication — requiring the user name and password, as well as a 6-digit code, thumb print, retina scan or other data — is common in Scandinavia, Brazil and Singapore. In the United States, it's generally limited to employees accessing office networks remotely or people with high-value financial portfolios.
But with so many sites requiring passwords, many online shoppers and bankers have created simple passwords that are easy to guess — or they post them on sticky notes at their computers. Last year, more than 9.9 million Americans became identity theft victims, costing the country roughly $5 billion, according to the Postal Inspection Service.
Fred Schea, chief financial officer of Stonebridge Bank, says the new program provides extra security without making customers remember another password. It also reduces risk for people who do their banking from laptops or public terminals at libraries, Internet cafes or other sites frequented by hackers who "sniff" passwords.
"We believe in the future multiple authentication levels will probably be required at most banks," Schea said. His bank will offer the RSA system for free to all 4,500 online customers for a year, then charge an annual $25 fee.