RealTime IT News

Financial Firms Join Security Audit Program

Five banks have become the latest U.S. financial organizations to join an effort to streamline the assessment of online banking security.

Bear Stearns, Goldman Sachs Group, Wachovia, Morgan Stanley and Regions Financial Corp have joined the Financial Institution Shared Assessments Program.

The Financial Services Roundtable designed the program in February to create a set of security standards that service providers need to match.

It changes the "rather ad-hoc" methods by which individual banks judge the security of financial services, according to Michele Edson, program leader. The new members "demonstrate the support for the program," she added.

Rather than each institution conducting numerous individual interviews, the program audits service providers, and the results can be used by other financial institutions.

Among the more than one dozen service providers participating in the program are VeriSign, Yodlee and Iron Mountain.

Iron Mountain, which is one of the top providers of repository services in the financial sector, said the program cuts costs and raises the bar for security considerations.

Now, rather than answering one question a thousand times, Iron Mountain completes a 1,600-question audit once, according to Richard Reese, the company's CEO.

Edson said the survey has been expanded to ask questions about network and firewall security. The program expects to complete 12 such audits in 2007, as well as increase its membership.

For service providers, the benefits of the program are manifold, according to Yodlee. For instance, a security audit could save a service provider at least $100,000.

"A typical scenario would be a service provider with 100 clients who answers 100 security questionnaires per year where 80 percent of the questions are similar, and also completes a large number of onsite assessments," said Niall Browne, Yodlee's information security officer.

The audits also provide a better way for banks to gain answers to security questions, as well as provide service providers a way to measure their security against an industry standard, he said.

The latest members were announced in the wake of this week's $18 million online broker fraud, and they join the more than 25 other financial institutions that already belong, including Bank of America, Citigroup and Wells Fargo & Co.

On Monday, online brokers E*Trade and TD Ameritrade both said they had been victims of identity fraud. In E*Trade's case, the company paid $18 million to reimburse customers affected by the scheme.

Earlier this year, research firm eMarketer reported lackluster adoption of online banking, rising just 3 percent at the end of 2005.

"Security is not a luxury to online banking users, and it cannot be for online banks," analyst Lisa Phillips said in the report.