If you do banking over the Internet, generally the drill is pretty simple: You enter your user name and password, and away you go. But behind the scenes, the bank can do a lot to check you out: Are you at your home computer, or at one with an Internet address that, strangely, is registered overseas? Are you logging on at an unusual time of day, or from a super-fast connection when normally you have dial-up?

This kind of analysis is one example of the layers that bank Web sites will be adding by the end of 2006 to meet new demands from federal regulators for two-factor authentication. That essentially means checking something more than just user name and password to verify a customers identity.

Phishers and other Internet fraud artists have become adept at stealing passwords, mainly through social engineering. Preying on peoples propensity to believe something seemingly authoritative, criminals send authentic-looking e-mails that send unsuspecting people to an authentic-looking Web site where they give away their data.

Many banks overseas, where data-privacy laws are stronger, already have deployed a second level of authentication. They give customers specialized hardware, such as a smart card or an electronic token that displays a changing series of passcodes.

There is some good solid information in this story follow on to get a greater understanding of what is happening…

[ Source: ap.org ]