Bank of American fights phishers but malicious insiders pose greater threat

Bank of America is rolling out a new security measure to

fight phising scams. The new SiteKey system uses images and text to reassure

customer they are using a genuine Bank of America Web site.

While I'm glad Bank of America is taking steps to protect

their customers from phishing attacks, I'm more concerned with insider data

theft. In May Bank of America notified at least

60,000 customers that their accounts might be at risk. Bank of America

employees gave or sold account information to DRL Associates, a company that

claimed to provide bank account, balance, and employment information to debt

collectors. The data was then sold to collection agencies and law firms, among

others. In February Bank of America lost backup tapes containing Social Security

numbers and credit card information of 1.2 million U.S. government employees.

Malicious employees and data handling mistakes pose a far

greater risk than phishing attacks. Recent security breaches illustrate that Bank

of America and other organizations could do better do protect the person data

customers entrust them with.

By Bill Detwiler

Bill Detwiler is Editor in Chief of TechRepublic and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop support specialist in the ...