Robert McMillan, IDG News Service
The Bank of America's rollout of a stronger user authentication
technology has hit a snag and is now expected to be completed in early
2006, several months later than originally planned.
The nationwide bank had expected to make a new authentication service,
called SiteKey, mandatory for all of its 14.3 million online banking
customers sometime in October. Now, that date has been pushed back to
early 2006, according to Betty Riess, a Bank of America (BofA)
spokesperson. "We've made some adjustments in terms of the rollout
schedule," Riess said.
She declined to comment on what exactly had caused the delay, saying
only that "sometimes when you get to actually doing the
implementation, you make adjustments."
Some Customers Upgraded
Still, a large number of the BofA's U.S. customers are already using
SiteKey. The system presently is in use in the Southeast, Midwest, and
Southwest, and is expected to be in use in California, the Northeast,
and Northwest by year's end, Riess said. Most customers will be forced
to adopt the system by year's end, with the final two states --
Washington and Idaho -- going online in early 2006.
Based on software developed by Menlo Park, California's PassMark
Security, SiteKey is able to recognize when a Bank of America account
is being accessed via an unknown computer. It can then generate a
predetermined "challenge" question, adding another level of security
to the process of logging in. The software also lets users choose a
specific image -- a photograph of a dog, for example -- that can then be
re-shown to users in order to reassure them that they are actually
visiting the Bank of America Web site, and not some other site
masquerading as www.bofa.com the corporate site.
Ahead of Regulations
The SiteKey rollout may put BofA ahead of the curve on new federal
regulations, which are due to take effect next year.
Last week, the Federal Financial Institutions Examination Council
(FFIEC) released guidelines calling for U.S. banks to use a stronger
form of authentication than the username and password logins typically
used for online banking today. The guidelines call for Internet
bankers to now add a new form of authentication to their online
banking systems by the end of 2006. They do not spell out what exactly
what this technique must be, leaving banks some leeway to develop
their own approaches to stronger authentication.
Though Riess declined to comment on whether or not the BofA's system
met these requirements, PassMark believes that its software qualifies,
according to Mark Goines, PassMark's chief marketing officer.
In addition to the BofA, PassMark's software is being used by Stanford
Federal Credit Union, in Palo Alto, California, Goines said. Online
brokerage Scottrade is also in the process of rolling out the
software, he added.
Copyright 2005 PC World Communications, Inc.
NOTE: For more telecom/internet/networking/computer news from the
daily media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra/more-news.html . Hundreds of new
*** FAIR USE NOTICE. This message contains copyrighted material the
use of which has not been specifically authorized by the copyright
owner. This Internet discussion group is making it available without
profit to group members who have expressed a prior interest in
receiving the included information in their efforts to advance the
understanding of literary, educational, political, and economic
issues, for non-profit research and educational purposes only. I
believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S. Copyright Law. If you wish
to use this copyrighted material for purposes of your own that go
beyond 'fair use,' you must obtain permission from the copyright
owner, in this instance, PC World Communications, Inc.
For more information go to: