ING Direct Rewrites the Book on Check Security

For the first time in its 11-year history, ING Direct is sending customers checkbooks. But the checks are useless until they pass a gauntlet of security measures the online bank designed.

ING Direct's patent-pending process requires customers to first go online to activate each checkbook, much like they would activate credit cards by phone before their first use. Customers cannot order checks with custom images (no pictures of family members or Snoopy), because the design of each check is also part of ING Direct's security.

The checks are available only to holders of the Electric Orange account, which ING Direct introduced in late 2006. The product was conceived as a "checkless checking" account; the bank hoped customers could make all payments online.

But "there was enough demand [for paper checks] in the market, unfortunately," says Todd Sandler, ING Direct's head of product strategy. "It's not something that our customers want; it's really something they need. … Customers begrudgingly feel that they need to have paper checks until the rest of the world catches up."

So on Tuesday, ING Direct began letting its customers order checkbooks. Before that, if customers wanted to send a check they had to request each one online, one at a time, and mailed directly from the Wilmington, Del., bank.

That process, which is still in place today for those who do not want to use a checkbook, requires customers to go online and authenticate themselves for each check they write. This provides some measure of security that disappears when customers write their own checks from home, so ING decided to add layers of security other banks don't use.

Each of its checks has a randomly generated security code printed at the bottom after the check number. If the checks were not activated or the security code does not match up, ING won't clear the check, Sandler says.

ING Direct also sends an alert when each check is cleared, so the customer can keep an eye out for suspicious transactions. If a customer pre-fills an online ledger with the check's recipient and memo, that information will appear in the alert, Sandler says.

Capital One Financial Corp. is in the process of buying ING Direct, the U.S. unit of ING Group NV of Amsterdam. That deal is expected to close by the first quarter of 2012.

Many banks are doing the opposite of what ING Direct is doing, trying instead to streamline the process of using checks. For example, banks that let customers open accounts online can permit customers to begin using checks immediately, instead of waiting for a signature card. Those banks use the signature from the first check to compare against later ones.

"We always try to reengineer the way things are done … given the fact that we are a direct bank," Sandler says. ING Direct's 8 million customers have already shown that they are willing to sacrifice the convenience of branch access. They are also willing to change other habits to improve security, he says.

"It really comes down to the [company's] philosophy," Sandler says. "ING Direct was not created to serve every customer in the United States."

Its reinvention of the process of ordering checks follows ING Direct's decision to stop letting customers give their passwords to online personal financial management websites. These sites, including Intuit Inc.'s Mint, pull in financial data from multiple accounts by using credentials customers provide.

In May, ING Direct began requiring its customers to instead provide a separate credential that allows read-only access to financial data. A fraudster would not be able to use that code to move money from a customer's account.

Sandler says ING Direct is continuing this strategy of reinventing common banking processes to improve security. "We have a couple of things up our sleeve" that the company plans to unveil this year, he says.

ING Direct's approach to check security "is certainly something that, I think, a number of banks would entertain" emulating, but they may not prioritize it, says Julie Conroy McNelley, a senior risk and fraud analyst at Aite Group LLC.

According to her research, banks consider check fraud "second only to debit fraud, in terms of the type of fraud that is causing them the greatest point of pain," she says. "But checks are also diminishing at a significant rate, so I think that you see less innovation around the check."

ING Direct's approach should help it deal with the risk of counterfeit items, McNelley says. And with fraudsters experimenting with new malicious software to compromise bank accounts, the threats banks face today are vastly different from those they faced when many of their security processes were invented.

"Going back to the drawing board on a lot of these processes is a great idea," McNelley says.

For reprint and licensing requests for this article, click here.
Bank technology Consumer banking
MORE FROM AMERICAN BANKER