Home Banking: Netscape Security Breach Causes Jitters

The widely publicized breach of Netscape Communications Corp.'s encryption system has increased some bankers' concerns about providing financial services over the Internet.

But few expect that the incident will cause bankers to significantly curtail their involvement in on-line banking.

The trouble began when a pair of students at the University of California in Berkeley discovered a flaw in the secure communications software developed by Netscape.

The incident - while isolated and not extremely damaging, since no banks are running financial transactions over the Internet - has renewed concerns about the safety of exposing sensitive banking information to the vast and uncharted realm of cyberspace.

Several banks and financial service companies plan to create Internet- based systems that incorporate Netscape's technology.

Miles Ewing, an analyst with the now defunct Office of Technology Assessment in Washington, which advised Congress on technological issues, saw the incident as a minor one.

The compromise, he said, involved accessing passwords rather than breaking the code that is central to the software's composition.

Once Netscape and other technology start-ups stabilize and "get a better track record," Mr. Ewing said, the banks would feel more comfortable.

Though bankers, by and large, may have felt similarly, some were taking no chances.

Wells Fargo & Co., ahead of the curve in its on-line offerings, took down the on-line banking segment of its site on the Internet's World Wide Web last week, after word of the Netscape flaw came to the bank's attention.

The bank has been using Netscape's Navigator software to allow its customers to check their account balances. This is the first step in Wells' broader electronic banking strategy.

Margaret Avakian, vice president and manager for Wells' on-line financial services, said the bank will look carefully at other security precautions, though it has no plans to drop Netscape as a partner or to halt its work on-line.

Separately, the California bank is working with Cybercash Inc., another creator of security software, to develop a system for running transactions over the Internet.

Ms. Avakian insists the bank has always been "extremely cautious" and eager to expand its range of security measures surrounding on-line access.

But she admitted the recent breach of Netscape has made Wells more aware of the need for tight security.

Executives at Cardinal Bancshares, another bank using Netscape technology, did not seem ruffled by the incident.

Cardinal, a community bank holding company based in Lexington, Ky., strode into the spotlight six months ago when it announced plans to set up an entire bank unit on the Internet.

Since then, the bank has received regulatory approval and has been testing the systems underlying its Security First Network Bank.

The Internet-based bank is scheduled to open for business on Oct. 11, according to James S. "Chip" Mahan 3d, the chairman and chief executive officer of Cardinal. The Netscape incident will not delay the launch, he said.

"The encryption technology (in the Netscape product) is a mature, tried- and-tested technology that the government has been using for years," Mr. Mahan said.

Mr. Mahan added that Security First will be protected by several layers of security at the user's desktop and at the bank's operating system level.

He said the encryption software provided by Netscape is only part of the safeguards that banks employ to secure their accounting systems.

Paul J. Dravis, an analyst who follows on-line developments for J.P. Morgan Securities Inc., does not believe the Netscape snafu will "impede anyone," least of all Netscape.

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER