How secure can e-mail be made, and how secure does it need to be? Not everyone agrees.
Bank Web sites do use secure socket layer (SSL) encryption, which protects e-mail passing through servers. But much of the e-mail sent by banks to customers and vendors is not encrypted, leaving those messages vulnerable to would-be fraudsters.
Is additional encryption needed?
"It's overkill," says Avivah Litan, an analyst specializing in security and privacy at Gartner Inc. "It may be [a] best practice, but given all the things financial institutions have to worry about, this is not top of the list."
An opposing view comes from Jeff Multz, a vice president at Atlanta-based SecureWorks. When a user sends an e-mail, he says, bits of it can traverse over many servers, sometimes as many as 200 of them, meaning that sensitive information can be seen that many times, or more.
"Most people think e-mail is secure," Multz says. "And that couldn't be further from the truth."
Consumers are reluctant to turn off paper media for fear of giving up what they perceive as permanent, convenient and safe records.»more
SecureWorks recently introduced a service called Encrypted Email Service that encrypts e-mail from a server hosted by SecureWorks at another site, making the process much less cumbersome and expensive for users, who previously had to set up their own hardware and software in-house.
SecureWorks charges a range of $2,000 to $10,000 a year per customer, based on the number of users. By contrast, an in-house service might run $10,000 for the hardware and software, with installation and customization costs additional, Multz says. Since there is no installation with the SecureWorks system, banks can expect to be up and running with the service in a few days, he adds.
Four of SecureWorks' customers have signed up for the encrypted e-mail. The first to use it was First Source Federal Credit Union, based in New Hartford, N.Y., which now encrypts all e-mails it sends to its mortgage vendor, Albany Mortgage Group Inc. in Albany, N.Y., for example.
"It's less expensive than buying a dedicated device," says Tom Koehler, an information technology manager at First Source. "It's a small price to pay to encrypt the information."
To build its encryption product, SecureWorks partnered with Dallas-based Zix Corp., which has built a business of secure e-messaging services to the healthcare industry, where federal regulations mandate doctors send messages to patients in a secure format.
Customers can select which types of e-mails to be encrypted. They can opt to have users go to a Web site to view the e-mail or purchase software to have it automatically decoded before it hits the user's Inbox, Multz says.
More Articles in This Issue
»
PAPER STATEMENTS: EXPENSIVE AND LESS SECURE
Printing and mailing paper statements can cost banks between 55 cents to 75 cents per month per customer, according to a recent report from Javelin Strategy & Research. Online statements, of course, cost nearly nothing. But as motivated as financial institutions are to wean their customers off the pricey paper and despite more than a decade's worth of explosive growth in online banking, relatively few customers have budged.
»more
»
A CHECK 21 SPOT CHECK Our spot check of the impact of Check 21 (we couldn't let Friday's one-year anniversary of the implementation date pass without a mention) touches on remote capture, substitute checks, new purposes for ATMs, returns processing gains, suppliers and contaminated checks.
»more
» SHARED EMPLOYEE DATABASE AIMS TO STOP HIRING MISTAKES An industry initiative designed to keep financial institutions from hiring one another’s fraud-perpetrating employees was unveiled yesterday to a largely receptive audience at BAI’s 11th Annual Combatting Payments & Check Fraud Conference in Las Vegas. »more
»
RANDOM NOTES Banks have known for a while that retail online banking customers are typically more profitable, but recent research suggests that this is true of small business customers, as well. Looking at companies with $100,000 to $10 million in annual sales, Barlow Research concludes that online banking customers are more likely to purchase additional products from their primary bank and interact with that bank through multiple channels. However, they are also more likely to experience an error. »more
