As important as it is to protect your business, your employees, and your assets, sometimes bad things find a way of happening anyway. If you’ve had to deal with an unfortunate incident in the past, you might be wondering if there’s anything you could have done to prevent it. While no one can guarantee protection, there are a few steps you can do to try and keep your business more secure in the future.
This article is contributed by Matt Jackson.
ID cards can seem like a bother at times. After all, you need to have them displayed at all times and there’s the agonizing wait to get a new photo taken. Nobody wants to be the guy who blinks during the picture. Customized ID cards can work wonders for employee management, though. Continue reading “How Can Customized ID Cards Help With Employee Management”
Your voice may be the best PIN.
Serendipity is the fortunate ability to gain knowledge from accidental events. This post is certainly a product of serendipity. On the recommendation of Kim Krause Berg, I purchased a book called Web Form Design: Filling in the Blanks by Luke Wroblewski. Since Jared Spool, a usability expert I respect highly, was associated with the book, I felt sure it would be a good decision. .. and indeed it was.
I must admit Web Form Design was something I felt I should know more about, a necessary chore in being a well rounded Internet marketer. It was refreshing from the start to realize that the author too hated forms. They are inevitably an irritating step in achieving our real aim of buying a book or accessing our bank account. If you want to know more about making such Web Forms less irritating, then I can highly recommend this book.
I gained something more important from the book than what was contained within its pages. Clearly if experts in Web Form Design suggest we should try to work with minimal forms to reduce frustration, then the ultimate solution is to avoid the form entirely.
Perhaps the best test ground for that is Online Banking, where security is a key concern. Even there, forms are becoming more elaborate with security in mind. For example the Bank of Montreal now includes an image for you to confirm as your own.
Once you decide to try to work without forms, then voice technology naturally comes to mind. Your voice can be the very best personal identifier. You will not forget it and it’s very difficult for anyone else to use it. That certainly was the message from the UK earlier in the year.
Ian Turner, general manager for Nuance’s operations in northern Europe, said: “By the end of next year, about 20 million people in the UK will be registered with some kind of system.” He said voice recognition can be 97 per cent accurate, but it is always used with some other form of identification, such as a password. He added that even good mimics cannot fool the system.
Now from India there is news that Yes Bank and Cisco are launching hi-tech phone banking services. The Yes Bank-Cisco Interactive Experience Centre at Gurgaon will provide communication over voice, chat and email. The bank’s customers will now be able to access their accounts 24X7 via ‘Yes touch’ phone-banking services that will support business-related queries and transactions.
The bank is now looking at launching a new telephonic voice identification system, called voice biometric, in collaboration with a US company in the next 12 months. “We have the technology for speech biometric and just need fine-tuning for Indian voice recognition and vocabulary, which will have 90 per cent accuracy,” Ravishankar, Yes Bank Country Head, Direct Banking, said.
Given the ongoing security concerns with traditional Web Forms for online banking, it may only be a short time before you will be talking to your online bank too.
If all the talk of identity theft has not already made you very cautious in doing your online banking, then a study reported on by Sarah Schmidt in the Ottawa Citizen today should get you very concerned. According to experts, there’s no ‘peace of mind’ for online bank users. Paul Van Oorschot, Canada Research Chair in Network and Software Security at Carleton University, and PhD student Mohammad Mannan, a specialist in Internet security, suggest that complicated security requirements leave clients vulnerable. They contend that Canadian banks mislead their customers about the safety of online banking in their marketing materials and give users a false sense of security about their refund guarantee if hackers raid their accounts.
They surveyed 123 technically advanced users, mainly computer-science students, professors and security researchers. Although most of those surveyed are more security-aware than average customers, they still failed to satisfy common security requirements. They conclude that most average users will be ineligible for the 100-per-cent reimbursement guarantee banks would seem to be offering. In their opinion, doing online banking with ‘confidence’ and ‘peace of mind’ is no more than a marketing slogan which misleads users.
They found weaknesses in a number of areas:
- Despite strong recommendations about password uniqueness, most banks allow weak passwords.
- There are weaknesses in banks’ Secure Sockets Layer, a protocol for transmitting private documents known as SSL certificates.
- Malware can replace a bookmarked login URL with a phishing site URL that masquerades as the bank.
- Most banks’ customer agreements require users to install and maintain up to date copies of anti-virus, firewall and anti-spyware programs.
Apparently Maura Drew-Lytle of the Canadian Bankers Association believes the expectations of banks are fair and are no more stringent than what people should have on their home computers to do simple things like sending e-mails. That seems a somewhat facile suggestion. As an example (although any Canadian bank could have been chosen), here are just some of the steps that the Bank of Montreal suggests for safe online banking.
- Always verify the Bank’s web site name in the “Address” (Internet Explorer) at the top of the browser
- Keep your debit and credit cards and passwords/PINs (Personal Identification Numbers) safe. Do not divulge your passwords/PINs to anyone.
- Change your passwords regularly following guidelines on how to choose a strong password
- Always log off to end your secure session.
- Once logged off, delete all traces of your secure session from the memory of your computer. (Learn more about how to clear your cache)
All that and more is required if you wish BMO to keep their stated promise. We will reimburse you 100% of any losses to your Personal Banking accounts resulting from unauthorized transactions through Online Banking. That word ‘unauthorized’ is according to the Bank’s definition, which is spelled out as follows: (bolding not in the original)
- You authorize us to accept without any further verification, and you agree to be responsible for, all instructions for FirstBanking Transactions via FirstBanking Automated Services, when accompanied by your Card and Secret ID Codes.
- The use of your Card or Secret ID Codes by you, or by any person with or without your knowledge or consent, in connection with a FirstBanking Transaction, binds you legally and makes you responsible to the same extent and effect as if you had given signed, written instructions to us.
- We may verify communications, or the source of the communications, before we accept them, but we are not obligated to do so.
As they say, the devil is in the details. Online Banking can be enormously convenient but be aware that you are responsible for making sure about security. As the Canadian Bankers Association contends, the banks believe that it is only fair to expect customers to read agreements before they agree to the terms.