Keeping your money and financial data safe is top of mind for consumers today. While you’ve probably taken steps to protect yourself from identity theft, how do you know if banks are protecting the information you give them?
The good news is that any company “significantly engaged” in providing financial products and services is considered a financial institution – even payday lenders and check-cashing operations.
These organizations must comply with Federal Trade Commission (FTC) rules. The Gramm-Leach-Bliley Act requires financial institutions to ensure the security and confidentiality of information. Under the same act, the Safeguards Rule requires financial institutions to have specific measures in place to keep customer information secure.
But security also makes good business sense: it shows consumers that the institution cares about their security and welfare. Banks use a series of checks and balances, both in the virtual space and in the physical world, to protect consumers’ interests.
Traditional banking institutions, including JPMorgan Chase & Co., have extensive methods of protecting data. Their computer systems are password protected, and their ATM terminals have timeouts and encryption on certain data transmissions.
Buildings can be accessed only with employee cards, and banks are under camera surveillance. Like many businesses dealing with sensitive information, these organizations shred whatever is printed.
Customers typically need to use a password or other identifying information before making transactions. Suzanne Alexander Ryan, a spokesperson for JPMorgan Chase, says the company uses a variety of technologies and techniques to ensure security.
“We are very serious about safeguarding our customers’ personal information online,” Ryan says. “As a security measure, customers may access their account information online from the Chase website only if they have registered to do so. Chase Online Banking uses Secure Sockets Layer (SSL) technology to encrypt personal information such as user IDs, passwords and account information over the Internet. Any information we send to customers is scrambled en route and decoded once it reaches their browser.”
She says the company also encrypts any email correspondence between customers and the bank through its secure message center.
“We ask that customers do not send us confidential information, such as Social Security numbers or account numbers, through an unsecured email,” she says. “They should send such communications to us through postal mail, phone or by visiting one of our branches.”
Jason Menke, vice president of communications for Wells Fargo’s Digital Channels Group, says the bank carefully polices its online and mobile banking.
“If we are suspicious of any online behavior, we may restrict online access to accounts or prevent certain types of transactions,” he says. “These measures safeguard a customer’s identity and accounts. Further proof of identity may be required before online access is restored.”
The company offers an Online Security Guarantee that promises to reimburse customers 100 percent of the loss in the event that an unauthorized party removes funds from a customer’s accounts through Wells Fargo’s online services.
Online banks and tech apps
As consumers have turned to new technologies to manage their money, new online banks and financial tech apps have had to be as secure as banks regarding privacy and data protection.
“Protecting customer data is obviously a critical element of our business,” says Ben Katz, CEO and founder of startup Card.com. “First, we use industry-standard best practices in the creation of our website and infrastructure, encrypting information where appropriate. Peer review is also an integral part of our architecture and development processes.”
Peer review means any change to Card.com is reviewed by at least one other person in addition to the developer who made the change. Changes could include bug fixes or a new feature on the site.
Katz says the company also partners with the same processing providers used by institutions like Wells Fargo and Citibank to manage transactions in a secure and efficient manner.
“Segmenting the data like this helps reduce the risks of possible security breaches or accidental exposure, protecting ourselves as a company, but most importantly protecting our card users’ private data from exposure,” he explains.
Segmenting data involves separating data by financial purpose, analysis and customer relationship. The information is separated on different servers and even kept in different data centers. Bank employees have access only to data that they require to do their jobs.
“When a marketing person or a data scientist works with data, they simply don’t have access to information beyond what they absolutely need.”
Small, startup financial institutions often have to work harder to protect information, meaning they spend more of their overall income or initial startup capital to ensure that their company is not sunk by a single data infraction.
“We have to try to rise up to their [large banks’] level of data protection with a much smaller budget,” Katz says.
Yet Katz says that his organization’s smaller size gives it one advantage.
“We are less of a target because the total volume of cash loaded onto our cards is smaller,” he says. “Like many aspects of our business, we believe our need to invest in security will scale along with the growth of our deposits.”