Posted by secExtra on January 25th, 2008

SPOKANE JOURNAL | Financial institutions long have been in the business of safeguarding customers’ assets, but gone are the days when an iron-clad vault was sufficient for the task. Now, information is an asset that also must be protected, and banks continually are investing in a sophisticated arsenal of weapons to thwart information “thieves.”

Spokane-area bankers say the importance of information security has risen significantly in recent years for several reasons. Among them, online banking has grown in popularity, most records now are transmitted and stored electronically, and the federal and state governments have tightened information-security regulations.

“Certainly in the banking industry, customer tolerance for security breaches is much lower than in other industries, like retail,” says Dave Klatt, information technology governance and security manager at Sterling Savings Bank. “Banking is a highly regulated business, and there’s a level of importance that gets placed on security for us more so than for other businesses.”

While the need for beefed-up information-security programs in banking has been growing over time, a seminal moment came in 1999, when the federal government passed the Gramm-Leach Bliley Act (GLBA), bankers here say. That law requires financial institutions to implement an information- security program that ensures the integrity, security, and confidentiality of customer information, Klatt says.

Bankers say that perhaps the most significant change banks have had to make to their security programs in recent years has been the result of a federal guidance issued in 2001 and updated in 2005 that account fraud and identity theft are frequently the result of a user ID and password authentication exploitation. The guidance said banks that offer Internet-based products and services to their customers should implement multifactor authentication, layered security, or other controls to mitigate those risks.

Multifactor authentication involves requiring an online banking customer to provide more than just a user name and password to access their account, says Nicole Tutt, information security officer at Spokane Teachers Credit Union. Layered security involves combining multiple security products to create a comprehensive barrier against attacks on a network.

STCU, Sterling Savings, and AmericanWest Bank say they wrapped up their implementation of multifactor authentication systems for their online banking services within the past year or so.

You can read the rest @ Spokane Journal