What are banks for?
Stopping thieves, dummies.
Its a modern misconception among many banks and their customers that they are simple service-based institutions. How friendly are the staff in the local branch, what sort of interest rate is on offer, how lush are the pot plants and pleasing the décor?
In point of fact, banks have always been, and always will be, primarily security organisations. They take peoples money in one manner or another and guarantee to return it if the customer asks for it at some point in the future.
They are, then, the sensible alternative to keeping money in a cupboard or under the bed. In the meantime, they dont let anyone walk out the door with it under any circumstances.
There is nothing brought about by of electronic banking that changes this fundamental point. Banks secure money, or there is no need for banks at all.
The news that a large UK bank, Lloyds TSB, is to invest in a token-based security system for online banking is a welcome sign that banks are rediscovering their security heritage.
A step in the right direction perhaps, but tokens will not be a decisive blow in the war against banking fraud on their own. Just because theyve been tardy at securing the perimeter of their online security the part used by the customer doesnt mean that solving this problem is the end of the security problem.
At a banking level, there is little point is securing network access if that becomes a thin crust covering over a fundamentally insecure banking setup. What if the criminal gets past this layer, as some inevitably will? Once inside many of todays systems, they can still run amok.
Banks still build systems in what are known as silos, which translates as specific banking products. Depending on which bank, this could be a credit card, or other financial product, or even the branch banking network itself. Security integration between these can be very weak, which makes securing against non-transactional frauds such as ID theft a matter of chance.
Banks, therefore, need effective fraud detection and systems for stopping (and not just mitigating) identity and other complex fraud at layers deeper down in their networks.
The other area that needs to be looked at is the security of the customers PC. The day when a customer will not be able to log on to an online banking system (or even go shopping online), without meeting a basic standard of security must be fast approaching.
There is no time for simple customer education as that would take too long. Technology mostly created the problem by offering powerful features without securing them first, so technology will be needed to provide the solution.
Some such as Lloyds TSB appear to have worked most of this out for themselves, but they are well ahead of the pack. Unfortunately, there are still plenty of banks who prefer to sit on their hands and soak up some insight from the work of others.
In the old days where stick-ups were the only way of stealing money from a bank, people would have thought poorly of a financial institution that didnt have heavy metal doors on its money vaults. They were there for reassurance. Why should it be different now that the vaults have gone? It is still the customer that pays for crimes of fraud in the long run.