Feds May Force Better Bank Account Protections

U.S. regulators are considering new requirements to force banks to take better care of their customers' online accounts — as computer intrusions and falsified electronic transfers proliferate, according to the Financial Times.

Figures that U.S. banks have provided federal regulators show $120 million was lost due to computer intrusions and falsified electronic transfers in the third quarter of 2009. The Federal Deposit Insurance Corporation estimates that overall identity fraud at banks is costing the system about $700 million per quarter, according to the Financial Times report.

A group known as the Federal Financial Institutions Examination Council—made up of representatives from the FDIC, the Federal Reserve and other agencies—is considering requirements for "out-of-band" confirmation of large transactions. That would require financial institutions to contact customers through means other than the Internet to confirm some transactions. Banks in Europe often place calls to clients' mobile phones to as a means of verifying whether a transaction is legitimate.

The council warned banks in 2005 not to rely merely on usernames and static passwords. Some U.S. banks are now requiring other authentication for large transactions.

Most U.S. banks reimburse consumers for losses due to computer infections. But the Financial Times report points out the law does not require banks to extend that protection to business customers as long as the banks' security measures are "commercially reasonable." Some small businesses have been bankrupted by computer malware that has allowed fraudsters to access their accounts and steal hundreds of thousands of dollars.