Headlines:
A Lesson from eBay on Online Security Digital to Host Cathay's Bilingual Banking Abu Dhabi Bank Picks ACI Software
A Lesson from eBay on Online Security
Banks should take note of a decision by the online auctioneer eBay Inc. to tighten its user authentication, an analyst said Wednesday.
The San Jose company announced to users last week that it will stop using Microsoft Corp.'s Passport log-in system as an alternative to its own user names and passwords. The move is consistent with its security policy of asking that users' eBay passwords not be used elsewhere online.
Analysts have said that the success of eBay and its payments subsidiary, PayPal Inc., can be credited to their rigorous approach to online fraud.
"There are more fraud attacks on eBay and PayPal than on any single bank except for Citi," said Avivah Litan, a vice president and research director at the Stamford, Conn., market research company Gartner Inc.
Microsoft touts Passport as a way for Web users to log on to multiple unrelated Web sites with a single log-on name and password. Passport can also store information that is shared at sites the user visits.
Passport "sounded like a good idea" when first introduced because no one had heard about phishing, the e-mail scam in which fraudsters impersonate banks to steal account information, Ms. Litan said.
She said eBay's decision to dump Passport indicates that the risks now outweigh the benefits to users. "It's one password to get into all these sites," she said, "but with phishing, it's one password to break into all these sites."
The single-sign-on model could work if Microsoft assumed the risk, Ms. Litan said. But no one wants to do so, she said, "because there isn't any money in it." Consequently, she said, the concept "is pretty dead in the business-to-consumer world."
The Passport announcement echoed a decision eBay made last year to alter its toolbar software to protect passwords better. The toolbar, an add-on to Internet browsers, enables eBay users to search auction listings without having to visit eBay.com.
But an April upgrade made the software double as an anti-fraud watchdog for users. It detects when users type their passwords at sites not owned by eBay (even if they are using the same password to legitimately sign on to online banking, for example).
The software then opens a pop-up window advising against the use of different passwords for non-eBay sites. If the outside site is a known phishing site, the user is prevented from typing anything.
eBay said that for crooks its users' passwords are better prizes than bank passwords, since the stolen eBay account of a reputable seller could be used to trick countless buyers into handing over money in bogus online auctions and sales.
Digital to Host Cathay's Bilingual Banking
Cathay General Bancorp, which powers its online banking with software from Certegy Inc. of Alpharetta, Ga., will switch by May to a hosted bilingual service from Digital Insight Corp.
The Los Angeles banking company serves the Chinese-American community.
Industry observers have said rewriting Web banking software to make it bilingual can be very expensive, especially if the software was not originally coded with multiple languages in mind, as Digital Insight's was.
Thirty Digital Insight customers use Digital Insight for online banking in Spanish, and Cathay General will be its third to use a Chinese-and-English version. Digital Insight said it can also do custom translations.
"An end user can toggle between the two languages," said Katherine Jansen, the vendor's senior vice president of corporate strategy and development. The option is useful because "within the same household there may be different preferences for language," she said.
Bilingual sites may appeal most to first-generation immigrants, analysts have said. Their children may be comfortable with an English-only site.
Abu Dhabi Bank Picks ACI Software
Abu Dhabi Commercial Bank will use ACI Worldwide software for payment authorization at automated teller machines and point of sale terminals.
The software will help it conform to Europay-MasterCard-Visa mandates that banks issue chip cards to combat fraud, the Omaha vendor of transaction-processing software said Wednesday.
ACI, a unit of Transaction Systems Architects Inc., did not say when Abu Dhabi Commercial will start using its product.
