Digital ID World Weblog
November, 2004 Archive
November 12, 2004
Unisys ID Theft Survey

New research conducted by Unisys claims that U.S. banks are at risk of losing customers as a result of growing consumer awareness of identity theft issues. The study found that nearly half of U.S. households would be willing to switch their accounts to financial institutions that offer stronger theft detection and alert services.

According to the survey, while trust in banks remains high, more than half of those surveyed are worried about the safety of their money. The study found that one in five U.S. households – more than 21 million – have been directly affected by identity theft. Key findings of the survey were:

  1. Customer Trust - 84 percent of consumers believe their banks are doing all they can to prevent ID theft; however, 69 percent of branch personnel state their banks require customers to initiate a request to freeze an account because of suspicious activity. Nearly 80 percent of branch personnel say their bank monitors for fraud, yet only 14 percent state there is a dedicated department monitoring for this activity.
  2. Insider ID Theft - Unisys found that most banks allow widespread internal access to customer data. In fact, 62 percent of branch personnel said that any employee could access customer information. Only 3 percent indicated that access was limited to managers only.
  3. 'Phishing' - Only 8 percent of branch personnel are aware of whether their bank has been subjected to 'phishing' attacks; in fact, 91 percent stated their institution has never experienced such an attack (again, more than 100 of the largest institutions were asked this particular question).
  4. User Authentication - Many of the large banks rely on information that is not necessarily confidential (e.g., mother's maiden name, Social Security number, etc.); Social Security number is still the number one type of password; among those banks that identified ID theft to be primarily the customer's "problem," 29 percent force the customer to use the same password for both ATM and caller authentication.
  5. Common Victims - Consumers with experience of ID theft tend to be younger (under the age of 45), have higher incomes, have a college education and live in metropolitan areas; households with the greatest concern about the safety of their money tend to be younger and live in the Western U.S.

dnesbitt at 01:50 PM MST
November 10, 2004
Novell Secures BT Directory Deal

Novell last week announced a major deal with BT (formerly British Telecommunications) to provide directory and consulting services to BT Exact, the telecommunications company’s technology and IT operations division. BT Exact is working with Novell on a directory-based program to integrate identity information among its various lines of business. When completed, the initiative will involve more than 100,000 users globally, including employees, agencies and partners.

The project is essentially a metadirectory backbone, provided by Novell's eDirectory and DirXML products, linking BT's existing Enterprise System Directories (such as Active Directory) to provide a platform for further Identity Management projects such as Role-Based Provisioning and Asset Management. The announcement comes at the end of an 18-month procurement project. "The programme has done a lot in this time," said Charles Hepworth, BT Exact's Directory Enablement Programme Manager. "We have completed initial requirements gathering, strategy definition, an ITT, a pilot of the technology in reference, completed the deployment of our infrastructure, installed the meta directory & launched a live supported service feeding AD with others to follow."

BT were assisted in the procurement process by Cambridge Technology Partners®, the business strategy practice of Novell Consulting® in the UK, who provided a strategic roadmap for the project, made the financial case for investment, and articulated the requirements for the necessary identity management technologies. When asked about Cambridge Technology Partners' influence on the eventual vendor selection, Mr Hepworth stressed that "CTP had no influence or say in our choice of product. We approached 8 or 9 leading companies in the IM field, based upon Gartner's IM magic quadrant. Their responses to our requirements allowed our adjudication."

BT hopes to make significant savings from the initiative through increased efficiency, reduced provisioning and help desk costs, and easier administration of existing applications. The Directory Enablement programme should also provide a solid foundation for the introduction of new strategic ventures that require identity management at their core.

dnesbitt at 06:28 AM MST
November 05, 2004
Web Banking Security Breach at Cahoot

An investigation by the BBC has exposed a serious loophole in the security at UK Internet bank, Cahoot. According to the BBC, the loophole briefly allowed customers to access other people's accounts and the website had to be closed down for 10 hours on Thursday to carry out urgent repairs. The site is now open for business again with a statement and apology on the home page.

According to the statement on the Cahoot home page, the problem was identified and fixed immediately and at no stage could hackers have obtained access to customers' money. No explanation for the cause of the breach was given; however, according to the BBC, the problem occurred during a system upgrade. Cahoot say they are "really very sorry about this" and hope that customers will accept their assurances that the site is now fully secure.

Comments on the BBC web page from concerned Cahoot customers and other readers ranged from "extreme disappointment" to resigned apathy. "I find this security loophole very worrying," said one. Another reader was more sanguine, stating that "these security flaws aren't really a big deal."

However, Andrew Lloyd, Netegrity's Managing Director, EMEA, pulled no punches in his assessment of the breach. "This should be a wake-up call for many," he said. "For this sort of thing to still be happening is indefensible. There is always a need for a balance between security and accessibility, but this is the 21st century, and it's not very difficult." Mr Lloyd was particularly concerned about the effect such breaches have on end-user perception of e-business and Internet banking. "Security should be part of the plumbing," he said. "Breaches such as this have a direct impact on the brand image of both the company and the whole Internet banking industry. There needs to be direct linkage from security at the front door up to both Board directors as part of basic corporate governance and C-level executives as part of industry/national regulatory compliance."

dnesbitt at 08:28 AM MST