Bank of America is rolling out a new security measure to
fight phishing scams. The new SiteKey system uses images and text to reassure
customers that they are using a genuine Bank of America Web site.
While I’m glad Bank of America is taking steps to protect
their customers from phishing attacks, I’m more concerned with insider data
theft. In May Bank of America notified at least
60,000 customers that their accounts might be at risk. Bank of America
employees gave or sold account information to DRL Associates, a company that
claimed to provide bank account, balance, and employment information to debt
collectors. The data was then sold to collection agencies and law firms, among
others. In February Bank of America lost backup tapes containing Social Security
numbers and credit card information of 1.2 million U.S. government employees.
Malicious employees and data handling mistakes pose a far
greater risk than phishing attacks. Recent security breaches illustrate that Bank
of America and other organizations could do better to protect the personal data
customers entrust them with.