BofA's New Toolbar Aims to Club Phishers

Kathie Claypool

svp, e-commerce group

Bank of America Corp.

Even though fear can sometimes trump reality, Bank of America's Kathie Claypool says combating the impression of Internet crime is of vital importance, especially given her view that crime anywhere on the Web threatens user adoption everywhere.

To that end, the institution's Web site is load with tips and information on how consumers can safeguard themselves. There are also several tools to fight or avoid crime, most notably an anti-phishing toolbar operated in conjunction with EarthLink and the bank's SiteKey, a two-factor authentication service that's now a mandatory part of its Web-banking service in the states where available. Claypool discusses the state of skittishness in a time when the Web is a mainstream channel.

As the ratio between branch and Internet users moves in favor of the Web, how is the pool of Internet users changing?

By nature the early adopters are going to be more tech-savvy. But as you get into a more general audience, you have to keep in mind that you have a much less tech-savvy audience. You have to think about that when you're designing things and thinking through what services and products you are going to offer to consumers.

In terms of security, the fear quotient would also presumably be greater among more mainstream users.

We've seen, in both secondary research and in our own primary research, that the average Internet user doesn't completely understand his role in computer security. [Users are] easily confused, and it's no wonder.

Why is that?

There are a lot of firewalls and spyware to keep up with, and if you're not knowledgeable about that kind of stuff, it's hard to know what is what. We find that when you look at surveys where users are asked how often [their information] is being updated, the users were telling [the researchers] they were being updated every week, when it was actually 59 days.

How does this lack of knowledge lead to a greater among of fear?

The average Internet users aren't sophisticated in terms of the threats or the solutions to those threats, so you have to make sure they know what's going on. But you don't want to go around yelling the sky is falling either.

Do you think consumers have overestimated or underestimated the security threat?

We have seen instances and behavior on both sides of that [issue]. So we have put out a fairly extensive section on our Web site on security and how to protect yourself from the various threats. And not those dangers that are online, but offline as well.

What is the anti-phishing toolbar?

It's not necessarily an "anti-phishing" toolbar, because phishing is actually a fake email. It's an Earthlink toolbar that anyone can use as a protective measure, not just EarthLink customers. It can help you as you move through the Web and as you are going to various sites, it lets you know when and where you might want to be cautious, particularly if you're in a situation where you're going to be entering personal information. We chose to partner with EarthLink and cobrand it.

What made EarthLink a good fit?

We saw it as an opportunity to promote safety to our customers by endorsing the EarthLink product in what's a very simple and user-friendly mechanism. They can use it if they're wondering about the security of various Web sites and what they should do if they get a particular kind of email.

It seems possible there are uses for this outside of financial services.

Consumers don't compartmentalize their Internet experience. If they're feeling concerned about safety in general, it's going to affect the way in which they use the Web. They're not going to say "I'm not going to buy something online because I'm concerned about theft. But I'm O.K. doing my banking online." It's to our benefit to help people feel more secure about the Internet.

How does the toolbar fit in with the rest of your Web security strategy?

The SiteKey implementation was focused on our Web site and the consumer experience with us. The toolbar takes things a little broader and says "How can we help you feel more comfortable with your Internet experience?"

You mentioned the consumer's role earlier. Can you recommend simple steps consumers can take?

We remind our banking customers about what they need to be doing about personal security on their computers. And we remind them about simple things, such as making passwords a little more complicated, and to change them frequently. It's amazing how one of the simple things that consumers can do, such as changing passwords frequently can provide an incredible amount of protection.

Where would you rank security among issues related to Web adoption, such as usability?

For any company that is serious about the Web channel, security is an area that you have to focus on. That issue has grown to a point where it should be right at the top of the list. And it's a matter of perception as much as it reality. There's been a lot of press about Web fraud. And while the lion's share of security issues are offline, what consumers are hearing about is what's happening on the Internet. There's a perception of vulnerability out there. (c) 2006 Bank Technology News and SourceMedia, Inc. All Rights Reserved. http://www.banktechnews.com http://www.sourcemedia.com

For reprint and licensing requests for this article, click here.
MORE FROM AMERICAN BANKER