E-Trade Rolls Out Two-Factor Identity Check

E-Trade announced last that it will roll out two-factor authentication for its retail customers. Explaining the move, an E-Trade spokesperson cited recent security breaches at ChoicePoint and Bank of America as examples of the risks customers face when it comes to their identity information.

Meanwhile, problems with hackers who "phish" for account information are keeping 20 percent of online consumers from opening e-mails that look like they're from their financial provider, reports Forrester Research.

"This is what's driving a lot of financial institutions to look at two-factor authentication," says Forrester analyst Jonathan Penn. "Two years ago, they would have said, 'No way.' They didn't think the fraud problem was big enough. But it's much more about this eroding trust in the Internet and especially in online finance."

E-Trade plans to make its customers' lives a little safer by offering them a key-chain gadget that generates a new six-digit code every 60 seconds. This is the "second factor" of the two-factor identification process, the first factor being a login ID and password.

The gadget keeps hackers from logging into a customer's account even if the login information is stolen, because that information alone is no longer enough.
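A server-side check for a time-stepped second factor of the kind described above, as an added example that is not from the article or from E-Trade. It assumes the open TOTP algorithm (RFC 6238) with a 60-second step as a stand-in, because the article does not say which algorithm the Digital Security ID uses; `Account`, `token_code`, `hash_password` and all seed, salt and password values are hypothetical.

```python
import hashlib
import hmac
import struct

STEP = 60    # seconds each code is valid for, per the article
DIGITS = 6   # six-digit code, per the article

def token_code(seed: bytes, now: int) -> str:
    """Code shown at Unix time `now`. Assumption: RFC 6238 TOTP (HMAC-SHA1)."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    """Hypothetical account record holding both factors' verifier data."""

    def __init__(self, password: str, seed: bytes, salt: bytes):
        self.salt = salt
        self.pw_hash = hash_password(password, salt)
        self.seed = seed            # shared with the key-chain token
        self.last_counter = -1      # highest time step already accepted

    def login(self, password: str, code: str, now: int, drift: int = 1) -> bool:
        """Require password AND a fresh code; each code works at most once."""
        pw_ok = hmac.compare_digest(hash_password(password, self.salt), self.pw_hash)
        current = now // STEP
        matched = None
        # Accept +/- `drift` steps for token clock skew, never a used step.
        for step in range(current - drift, current + drift + 1):
            expected = token_code(self.seed, step * STEP).encode()
            if step > self.last_counter and hmac.compare_digest(expected, code.encode()):
                matched = step
        if pw_ok and matched is not None:
            self.last_counter = matched   # burn the code so a replay fails
            return True
        return False
```

A stolen password with no code, a code captured and replayed within the same minute, and a code from several minutes earlier are all rejected by `login`.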

The Digital Security ID, which will be available at the end of March, will be free to customers with $50,000 or more in combined E-Trade account assets, or who trade more than five times a month. Meanwhile, E-Trade's 5,000 top customers will be mailed the device automatically, without having to request it.

E-Trade Financial president Lou Klobuchar told Securities Industry News that he hopes to extend the program eventually to more of E-Trade's customer base.

E-Trade's pilot project has already proven that people are hungry for more security, says Klobuchar. "When we put our request for participation up on our Web site for this pilot, we weren't sure how long it would take to get a few hundred customers signed up for it, and we were oversubscribed in hours," he says.

The customers report that they like it, and feel more secure about using E-Trade's online services. "They're inclined to use more products and they're inclined to put more assets with such a company," says Klobuchar.

E-Trade's rollout could represent the start of a trend, says Forrester's Penn. "With all the phishing attacks and spyware and other hacks that have been bombarding consumers, they're increasingly wary about doing business on the Internet and it's affecting the financial services quite strongly," he says.

In addition, financial firms that don't step up their security might face additional risks as other firms do just that. That's because hackers first go after the lowest-hanging fruit, says Elsa Lee, CEO of Advantage Security and Competitive Intelligence, a corporate and homeland security service provider based in El Segundo, Calif.

Lee also served for 20 years in the U.S. Army as an intelligence officer, investigating and tracking a variety of criminals, including terrorists, corporate spies, hackers and information thieves.

"The thieves would go find easier targets," Lee concedes. "But if everyone in the financial community would simultaneously move forward then it would make it harder for thieves and hackers." No institution is exempt from this threat, she adds.

Even if it looks as though only the biggest firms are targeted--the Citibanks and eBays of the world--once a thief has access to one account, they don't just move on, satisfied.

"In my experiences with identity thieves, they are not just accessing one account," says Lee. "Once they have access to one account, of either a business or individual, they will make every effort to identify how many other accounts are linked to that person or that business and see if they can get access to those accounts."

The criminals leverage the initial set of identity information, she says, then run credit checks and take other steps to ferret out all other accounts.
