fight phising scams. The new SiteKey system uses images and text to reassure
customer they are using a genuine Bank of America Web site.
While I'm glad Bank of America is taking steps to protect
their customers from phishing attacks, I'm more concerned with insider data
theft. In May Bank of America notified at least60,000 customers that their accounts might be at risk. Bank of America
employees gave or sold account information to DRL Associates, a company that
claimed to provide bank account, balance, and employment information to debt
collectors. The data was then sold to collection agencies and law firms, among
others. In February Bank of America lost backup tapes containing Social Securitynumbers and credit card information of 1.2 million U.S. government employees.
Malicious employees and data handling mistakes pose a far
greater risk than phishing attacks. Recent security breaches illustrate that Bank
of America and other organizations could do better do protect the person datacustomers entrust them with.