Full Text

Note: Two common misconceptions about online banking security may be holding financial institutions back from offering their customers the best services possible.

I've had the opportunity to work with a number of financial institutions around the world, helping them design and implement security solutions for their online banking systems. Along the way, I've identified two highly prevalent myths surrounding online banking security. Here, I'll explain the flawed thinking behind these myths and offer some simple solutions to their associated challenges.

Myth 1: Strong online security practices are inconvenient and create bad customer experiences.

Banks with the strongest online security are able to offer their customers more and better services than their less secure competitors, which often trump any convenience factors. For example, a bank that launched its online banking service back in 1996 began immediately enforcing strong, two-factor one-time password (OTP) token-based authentication at every login. The bank quickly reached 2.5 million online users despite the fact that access to the site required login via a challenge/response scenario. Customers recognized that this system enabled them to confidently and securely conduct all their financial business online, including executing international money transfers, making stock trades and completing mortgage applications.

Fast-forward to 2011. With all of today's advanced security technologies, you might ask how financial institutions can build online banking systems that offer functionality and sufficient security and also maintain the highest level of convenience. My suggestion is to let your customers customize their security options in the...