Dial-up Internet connections are a problem for banks that automatically phone online customers to double-check their ID for some transactions.
A Pennsylvania bank is testing a technological work-around.
"We're rural, and we're still out in the country where some people have dial-up Internet access," said Richard W. Stern, the senior vice president and treasurer of Somerset Trust Co. When those customers bank online, "they lose the use of their telephone," he said.
Somerset is testing VoiceVerified from NGM Tec Inc. of New Hope, Pa. Customers enroll by speaking some numbers into a microphone plugged into their computers or by phone (the bank calls the customer or the customer calls a toll-free number). NGM says the process takes about 90 seconds.
Ultimately, customers who initiate online transactions the bank wants to further verify can be prompted to use the computer microphone while online. At the moment, though, Somerset Trust is testing a less advanced capability that will require customers who have initiated a wire transfer over the Internet to call the bank on the phone - even if that means breaking a dial-up connection - to speak to the VoiceVerified system.
Somerset recently started testing that procedure with employees. It expects customers be using the technology for various kinds of transactions later this year.
Nearly 7,000 of its 16,200 checking-account holders have enrolled in its online banking system, and 43% of them use it at least once a week, Mr. Stern said. "We're looking for what will be perceived by the customer as the easiest and most acceptable method" of being authenticated online, he said.
NetRatings Inc., an Internet research firm, said that 30.6% of home Internet users in the United States were still using dial-up connections as of March.
Other vendors of software that uses the phone to authenticate transactions also have work-arounds for dial-up.
RSA Security Inc.'s Risk Based Authentication monitors online banking sessions to spot high-risk activity. The Bedford, Mass., company's software examines the hardware and network traits to determine if a customer is using a recognized computer and Internet service provider. It also looks at the risk inherent in a transaction.
When the software spots unusual risk, it can phone the customer for identify confirmation or - banks get to choose - send an e-mail or present challenge questions.
Amir Orad, an executive vice president with RSA's Cyota consumer solutions division, said this system is unlikely to phone people who are using their dial-up connection, which it would recognize.
But when the system does need to phone a user who does not or cannot pick up the phone, the transaction is blocked, he said. That rarely happens, Mr. Orad said, but "in those cases we want him to contact the call center directly."
More than 60% of Cyota's customers choose the challenge-question option instead of the phone option, he said. Furthermore, only 10% to 15% of the people Cyota monitors used dial-up connections last year, he said.
ProtectID, which StrikeForce Technologies Inc. of Edison, N.J., introduced in 2003, asks customers to authenticate transactions over the phone by entering a PIN. Late last year StrikeForce also began permitting people to authenticate transactions online, using software that generates a one-time password that works only on known computers.
"Most houses today have call waiting," and it is easy to find software and hardware that enable them to take calls on the phone line they are using for dial-up access, said George Waller, StrikeForce's executive vice president.
Still, he said, banks should not assume their customers are using the call-waiting-related technology.
George Tubin, a senior analyst at MasterCard International's TowerGroup Inc. in Needham, Mass., said banks cannot rely on their customers' having a phone line available to receive an authentication call.
Though many people have cell phones today, "you question the coverage in a rural setting," where there may also be no practical broadband option, he said.
Many banks have decided to ask for authentication only online, because they can safely assume the online customer at least has a computer and an Internet connection, Mr. Tubin said.
That is why most banks prefer challenge questions to making outbound phone calls, he said. That way "everything is happening over the Internet."
