Online banking: Know the answers or get locked out

by Center for Personal Finance editors

NEW YORK (8/29/06)--Following a rash of recent phishing attacks, more financial institutions are getting serious about the security of their online banking services. So if you're asked personal questions before you log in, make sure you can remember the answers (The Wall Street Journal Aug. 23).

More online bank customers are getting locked out--for the right reasons. Increased security efforts--due to consumer worries over online fraud and phishing--include stronger authentication processes for logging into accounts, and that's good for you. The median cost of a phishing incident increased to $850 this year, from $165 in 2005, according to Consumers Union (September 2006).

What's tripped up some customers, though, is forgetting the precise answer to a question theyset up. Can't remember the name of your first boyfriend? Can't come up with your high school mascot? Don't recall the name of your first pet? Sorry--you'll have to call and create an easier set of online questions for yourself.

This month, ING Direct stepped up its security efforts for online customers, requiring more than just usernames and passwords. Now, customers can choose an image from a menu of pictures to personalize the customer's log-in page. This makes it more difficult for a con artist to create a fake home page to dupe the customer into dishing out personal information. In addition, customers must answer at least five security questions (CNET News.com Aug. 17). And if the new security technology doesn't recognize the computer being used to log in, the customer will be asked an extra question or called.

The National Consumers League and the National Cyber Security Alliance offer these tips to stay safe online:

Watch for "phishy" e-mails. If a financial institution sends an e-mail message asking you to confirm your personal information or claims that your account is about to be closed, delete the message and report it to the financial institution immediately. Don't bite--even if the sender claims to be from the fraud department of some well-known company or from a state lottery commission and wants your account information to deposit your "winnings" in your accounts.

Don't click on links within e-mail messages that ask for your personal information. If you do, you likely will be lured to a fake Web site that looks just like the real one, and your money will go into the pockets of identity thieves.

Beware of pharming. This secretly plants a virus or malicious program in your computer and hijacks your web browser. When you type in the address of a legitimate website, you're routed to a fake site without realizing it. If you give your password or account information on the fake site, your account will be used fraudulently.

Steer clear of giving personal information in a pop-up screen. Even if you're on a legitimate site, an unauthorized pop-up screen created by a scam artist may appear and contain blanks for you to fill in your personal information. Don't do it. Legitimate companies don't ask for personal information in pop-up screens.

Download and install spam filters, antivirus, and antispyware software, and a firewall, and keep them up to date. Go to download.com and onguardonline.gov for more information.

Watch out for vishers. Phishers are turning to the phone to lure you into giving out personal information. If you get an e-mail message urging you to call a phone number, and during the call you're asked for personal information, it's likely you've been vished.

If you think you've been a victim, contact the Federal Trade Commission's ID Theft Clearinghouse at consumer.gov/idtheft or call 877-438-4338.