Bank of America is rolling out a new security measure to

fight phising scams. The new SiteKey system uses images and text to reassure

customer they are using a genuine Bank of America Web site.

While I’m glad Bank of America is taking steps to protect

their customers from phishing attacks, I’m more concerned with insider data

theft. In May Bank of America notified at least

60,000 customers that their accounts might be at risk. Bank of America

employees gave or sold account information to DRL Associates, a company that

claimed to provide bank account, balance, and employment information to debt

collectors. The data was then sold to collection agencies and law firms, among

others. In February Bank of America lost backup tapes containing Social Security

numbers and credit card information of 1.2 million U.S. government employees.

Malicious employees and data handling mistakes pose a far

greater risk than phishing attacks. Recent security breaches illustrate that Bank

of America and other organizations could do better do protect the person data

customers entrust them with.