The latest shield banks are deploying to fend off online banking fraud is website access control for their customer's computers. Northern Lights Federal Credit Union of Vermont plans to provide Trusted Bookmarks, software that lets members access only a "white list" of bank and e-commerce websites managed by the credit union while they're using secure browser software from the credit union provides. Northern Lights will try to ensure the white-listed sites are authentic and that transactions are not being monitored or tampered with by criminals. The secure browser solution, which comes from IronKey, is a USB device loaded with secure browser software that creates a tunnel between the customer's PC and the financial institution's computers. While the credit union customer has the USB device plugged in, that person will only be able to use the specialized browser and surf the approved sites.
"Our focus is on protecting our customers online when they access their accounts or pay using Northern Lights credit and debit cards," says Rita St. Arnauld, CEO of Northern Lights Federal Credit Union. "Now we can give our clients a portable secure browser that protects them even if their PC is infected with computer viruses or Trojans. And it gives them a way to make sure they are at the actual sites of top online merchants, not a copycat phishing site. We see Trusted Access as a big advantage for our customers and for us."
Northern Lights worked with consultant John Revilla, CEO of Credit Union Service Alliance Group on the IronKey implementation.
"Now that the Durbin amendment has gone into effect and lowered interchange rates for debit transactions, credit unions need to focus on reducing their risks, especially in 'card not present' online payments," Revilla says. "By using IronKey Trusted Access for Banking, Northern Lights lowers its risk with online payment transactions, increases the security of its online banking and delivers real value-added service for its customers. I see this as a very strategic move that gives them a competitive edge and clear differentiation."
According to IronKey, Trusted Access adheres to the tougher new set of guidelines from the Federal Financial Institutions Examinations Council for securing online banking and money transfers. One of the layered security controls recognized by the FFIEC guidance to help prevent fraud is the use of USB devices "that increase session security when plugged into the customers' PC." They are effective because they "enable a secure link between the customer's PC and the financial institution independent of the PC's operating system and application software," according to the FFIEC document.
