Travel Website and Bank Website Security Measures

Part 01 of two

Banking websites employ various security measures to ensure customer information is protected. Customers are provided information about these measures from the banking websites. Exploration of a customer's journey on these websites demonstrated how these security measures are experienced, using three banks as case studies: Bank of America, Glacier Bank, and Wells Fargo Bank.

Bank of America

  • Bank of America employs multiple security measures to protect its customers. These security measures include notifications and alerts to mobile devices, strong password requirements, and enrollment in "verify your Visa card is with you". The bank website has a link to report suspicious links received via email or text as well as a fraud prevention checklist to educate customers on potential fraud.
  • The "verify your Visa card is with you" measure involves using the customer's cell phone location to confirm the customer is in the same area in which the card is being used. This works with cellular or WiFi data usage.
  • Online account security with Bank of America involves authentication, encryption, and data integrity features. Authentication confirms that the customer is connected to the genuine bank server, while encryption scrambles the data being entered so that it cannot be read if intercepted. Data integrity checking detects altered data and ends the connection if any is found.
  • Bank of America customers can elect an additional security measure called a one-time authorization code. This means a text or email is sent to the customer when there is a sign-in attempt to the customer's account from a new device. The code expires in 10 minutes, ensuring the customer is at the device being utilized. Customers can also use a fingerprint to sign in to the mobile app if desired.
  • When a customer signs in to his/her Bank of America account, s/he sees a prompt to enter the login and password associated with the account, illustrated in Figure 1 of the referenced Google document. There is an additional option for the customer to enroll in online banking, if s/he has not done so (Figure 2). The customer signs in with the username and password s/he created. If this is a new device, the customer will be prompted to enter the authentication code sent to his/her mobile phone or email.
  • If the bank has detected potential fraud or a security threat, the customer will be prompted to reset the password, as seen in Figure 3. In the absence of a concern, the customer will be taken to his/her account.
  • In the case of a forgotten password, the password can be reset. The customer must provide the bank account number and social security or tax identification number associated with the account to be allowed to reset the password. This is illustrated in Figure 4.
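
The one-time authorization code flow described above can be sketched as follows. This is an added example, not Bank of America's code: the class and function names, the 6-digit format, the cap on wrong guesses, and the binding of a code to one device are assumptions; only the 10-minute expiry comes from the page.

```python
import hashlib
import hmac
import secrets

CODE_TTL = 10 * 60   # seconds; the page gives a 10-minute expiry
MAX_GUESSES = 3      # assumption: wrong guesses allowed before the code is discarded


def _digest(code):
    # Keep only a hash, so the pending-code store never holds a usable code.
    return hashlib.sha256(code.encode()).digest()


class NewDeviceCodes:
    """In-memory store of pending codes (hypothetical; a real service would persist them)."""

    def __init__(self):
        self._pending = {}  # (account, device_id) -> [digest, expires_at, guesses_left]

    def issue(self, account, device_id, now):
        """Called on a sign-in from an unrecognized device; returns the code to send."""
        code = f"{secrets.randbelow(10**6):06d}"  # assumption: 6 digits
        self._pending[(account, device_id)] = [_digest(code), now + CODE_TTL, MAX_GUESSES]
        return code  # delivered by text or email, never shown on the sign-in page

    def verify(self, account, device_id, code, now):
        """Return 'ok', 'expired' or 'invalid'. A code works once, on one device."""
        key = (account, device_id)
        entry = self._pending.get(key)
        if entry is None:
            return "invalid"
        digest, expires_at, _ = entry
        if now >= expires_at:
            del self._pending[key]
            return "expired"
        if hmac.compare_digest(digest, _digest(code)):  # constant-time comparison
            del self._pending[key]                      # single use
            return "ok"
        entry[2] -= 1
        if entry[2] <= 0:
            del self._pending[key]  # too many wrong guesses: a new code must be issued
        return "invalid"
```

The guess cap matters because a short numeric code is only as strong as the number of tries allowed inside the expiry window.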

Glacier Bank

  • Glacier Bank utilizes various security measures to protect customers. These security measures include data encryption, strong password requirements, links to report suspected fraud, and guidelines for customers to protect their information.
  • The data encryption function scrambles data entered by the customer so that it cannot be read if intercepted. The strong password requirements ensure customers select passwords not easily guessed by others. Customers also select an image to associate with their accounts, which helps them verify that the login screen is the genuine site.
  • Glacier Bank offers a security option of "debit card guard" for customers. This sends alerts via text to customers when an unusual transaction occurs using the enrolled debit card.
  • Glacier Bank customers enroll in online banking by accepting the online banking agreement and confirming their account number, social security number, and the email associated with their accounts, illustrated in Figure 5 of the attached Google document. Once enrolled, a customer can log in to the account via the primary bank screen (Figure 6). Entering the login name directs the customer to another screen showing the personalized image and a prompt to enter the password, as seen in Figure 7. Successfully entering the password allows the customer access to his/her accounts.
  • Customers have multiple options for assistance if a password is forgotten. Creating a security question, which can be asked to verify identity to reset the password, is one such option. Additionally, customers may click the "forgot password" option on the sign-in screen (Figure 8), which leads to an email being sent to the email attached to the account with a link to reset the password. A third option for customers to reset the password is to call customer service for verification and assistance.

Wells Fargo Bank

  • Wells Fargo Bank employs multiple security measures for customer protection. Some of these security measures include biometric authentication, voice verification, and access codes. Unique usernames and passwords, along with data encryption to prevent data interception, provide additional security.
  • Biometric authentication includes using fingerprints or facial recognition to sign in to an individual account from a smartphone. The voice verification option confirms a customer's identity using the person's recorded voice pattern. Access codes allow customers to make secure transactions at Wells Fargo ATMs without using the physical card, which prevents the card from being vulnerable to information theft.
  • A Wells Fargo Bank customer enrolls in online banking by confirming his/her social security or tax identification number and the account or ATM card number, as illustrated in Figure 9 of the attached Google Document. Once enrolled, the customer signs in to the account from the main Wells Fargo page, illustrated in Figure 10. If the customer forgets the password, s/he clicks the option to reset the password, and s/he will confirm the username followed by account details, as seen in Figure 11.

Research Strategy

Answering the research question began with identification of three well-known banking establishments. The main pages for each bank were viewed, and we explored the security, informational, and FAQ pages for each bank. This provided information about each establishment's security measures. We tested each banking website's procedures by attempting to log in to the sites, following prompts for password resets, and using demonstration options as available. This allowed researchers to experience the workings of the security measures first-hand and so obtain accurate information about the customer experience.

Part 02 of two

Most airline and hotel websites use usernames and passwords to protect clients' accounts. There is a strong emphasis on strong passwords in the travel industry. In most cases, the user journey is guided by the information on the company websites.

Case 1: Hawaiian Airlines

Security Measure

  • When a user opens an account with Hawaiian Airlines, they set up a username and a unique HawaiianMiles number is generated. They are also expected to set up a strong password that is 10-16 characters long. The password should contain at least "1 uppercase letter, 1 lowercase, and 1 number".
  • The user can use their email, HawaiianMiles number or username together with the password to log in to their account. If they enter an incorrect password three consecutive times, the account is locked. This means that if they cannot remember their email, username or HawaiianMiles number, they will not be able to access their account.

User Journey and Recovery of Login Credentials

  • The process of signing in to a Hawaiian Airlines user account starts with clicking the sign in button on the top right-hand-side corner of the airline's website. This leads to the login page where the user enters their credentials before clicking the sign in button to submit details for verification.
  • If the information entered is correct, then the user is allowed to access their details. However, if the user cannot remember their HawaiianMiles number or username, they can click the "Forgot your HawaiianMiles number?" link on the sign in page to retrieve their username and HawaiianMiles number.
  • If the user cannot remember their email address, they are allowed to submit their names and phone number to enable them to change their email address.
  • In the event that the user account is blocked, then the user can use the account reset link on the Help Center page to trigger a password change.

Case 2: Hilton

Security Measure

  • Hilton uses a combination of a username or Hilton Honors number and password to protect clients' accounts on their website. Every user is required to create a password that is between 8 and 32 characters long, has one uppercase letter and one lowercase letter. It should also have one number or one special character. The Hilton Honors number is generated once the user signs up for an account with Hilton.
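
The Hawaiian Airlines and Hilton password rules, and the Hawaiian Airlines three-attempt lockout, can be expressed as the checks below. This is an added example, not either company's code: the names are hypothetical, "special character" is assumed to mean ASCII punctuation, and counting failures per account rather than per identifier typed is an assumption the page does not confirm.

```python
import re
import string

# Assumption: "number or special character" = an ASCII digit or ASCII punctuation.
NUM_OR_SPECIAL = "[" + re.escape(string.punctuation) + "0-9]"
# site -> (min length, max length, character classes that must each appear)
POLICIES = {
    "hawaiian": (10, 16, ("[A-Z]", "[a-z]", "[0-9]")),
    "hilton": (8, 32, ("[A-Z]", "[a-z]", NUM_OR_SPECIAL)),
}


def meets_policy(site, password):
    """True if the password satisfies the rules the page lists for that site."""
    lo, hi, classes = POLICIES[site]
    return lo <= len(password) <= hi and all(re.search(c, password) for c in classes)


class LoginGuard:
    """Three-strikes lockout keyed on the account, not on the identifier typed."""
    MAX_FAILURES = 3  # page: locked after three consecutive wrong passwords

    def __init__(self, aliases):
        self._aliases = aliases  # email / username / miles number -> account id
        self._failures = {}
        self._locked = set()

    def attempt(self, identifier, password_ok):
        account = self._aliases.get(identifier)
        if account is None:
            return "denied"  # same answer as a wrong password: no account enumeration
        if account in self._locked:
            return "locked"  # even a correct password is refused until reset
        if password_ok:
            self._failures.pop(account, None)  # success clears the consecutive count
            return "ok"
        self._failures[account] = self._failures.get(account, 0) + 1
        if self._failures[account] >= self.MAX_FAILURES:
            self._locked.add(account)
            return "locked"
        return "denied"

    def reset(self, account):
        """Models the account reset link: unlock and clear the counter."""
        self._locked.discard(account)
        self._failures.pop(account, None)
```

Because three different identifiers reach the same account, a counter kept per identifier would allow nine guesses instead of three.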

User Journey and Recovery of Credentials

  • The user journey of experiencing this security measure starts when the clients click the sign in button on Hilton's website. If they enter their login details correctly, then they are granted access.
  • In the event that they cannot remember their password, the user can click the "Forgot your password?" link on the sign in page and navigate to the "Forgot your info?" section. This allows them to start the process of resetting their password through an email trigger.
  • On the other hand, if they cannot remember their username or Hilton Honors number, then the user is redirected to the Hilton Honors Customer Service Center. Here, they can contact the support team for assistance through live chat. This section also serves as the FAQs section, which provides self-help.