Travel Website and Bank Website Security Measures
Banking websites employ various security measures to ensure customer information is protected. Customers are provided information about these measures from the banking websites. Exploration of a customer's journey on these websites demonstrated how these security measures are experienced, using three banks as case studies: Bank of America, Glacier Bank, and Wells Fargo Bank.
Bank of America
- Bank of America employs multiple security measures to protect its customers. These security measures include notifications and alerts to mobile devices, strong password requirements, and enrollment in "verify your Visa card is with you". The bank website has a link to report suspicious links received via email or text as well as a fraud prevention checklist to educate customers on potential fraud.
- The "verify your Visa card is with you" measure involves using the customer's cell phone location to confirm the customer is in the same area in which the card is being used. This works with cellular or WiFi data usage.
- Online account security with Bank of America involves authentication, encryption, and data integrity features. Authentication ensures the customer is connected to the genuine bank server, while encryption scrambles data being entered to prevent it from being intercepted. Data integrity checking detects altered data and ends the connection if any alteration is discovered.
- Bank of America customers can elect an additional security measure called a one-time authorization code. This means a text or email is sent to the customer when there is a sign-in attempt to the customer's account from a new device. The code expires in 10 minutes, ensuring the customer is at the device being utilized. Customers can also use a fingerprint to sign in to the mobile app if desired.
- When a customer signs in to his/her Bank of America account, s/he sees a prompt to enter the login and password associated with the account, illustrated in Figure 1 of the referenced Google document. There is an additional option for the customer to enroll in online banking, if s/he has not done so (Figure 2). The customer signs in with the username and password s/he created. If this is a new device, the customer will be prompted to enter the authentication code sent to his/her mobile phone or email.
- If the bank has detected potential fraud or a security threat, the customer will be prompted to reset the password, as seen in Figure 3. In the absence of a concern, the customer will be taken to his/her account.
- In the case of a forgotten password, the password can be reset. The customer must provide the bank account number and social security or tax identification number associated with the account to be allowed to reset the password. This is illustrated in Figure 4.
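The one-time authorization code described above for sign-ins from a new device, as an added Python example; it is not Bank of America's code and does not come from the original page. The class and method names, the six-digit code format and the five-guess limit are assumptions; only the new-device trigger and the 10-minute expiry come from the text.

```python
import hmac
import secrets

CODE_TTL_SECONDS = 10 * 60  # from the page: the code expires in 10 minutes
MAX_ATTEMPTS = 5            # assumption: the page states no guess limit


class NewDeviceSignIn:
    """Hypothetical server-side store for one-time authorization codes."""

    def __init__(self):
        self.known_devices = {}  # username -> set of recognized device ids
        self.pending = {}        # (username, device_id) -> [code, expires_at, attempts_left]

    def begin(self, username, device_id, now):
        """Call after the password check succeeds.

        Returns None for a recognized device, otherwise a fresh code that the
        caller delivers by text or email. `now` is a timestamp in seconds.
        """
        if device_id in self.known_devices.get(username, set()):
            return None
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.random()
        self.pending[(username, device_id)] = [code, now + CODE_TTL_SECONDS, MAX_ATTEMPTS]
        return code

    def verify(self, username, device_id, submitted, now):
        """Return True only for an unexpired, unused code with guesses left."""
        key = (username, device_id)
        entry = self.pending.get(key)
        if entry is None:
            return False
        code, expires_at, attempts_left = entry
        if now >= expires_at or attempts_left <= 0:
            del self.pending[key]  # expired or exhausted: a new code is required
            return False
        entry[2] -= 1              # count the guess before comparing
        if not hmac.compare_digest(submitted.encode(), code.encode()):
            return False
        del self.pending[key]      # single use: a replayed code finds no entry
        self.known_devices.setdefault(username, set()).add(device_id)
        return True
```

Passing `now` explicitly keeps the expiry logic testable; a deployment would supply the server clock and bind the pending entry to the sign-in session rather than to a client-supplied device id.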
Glacier Bank
- Glacier Bank utilizes various security measures to protect customers. These security measures include data encryption, strong password requirements, links to report suspected fraud, and guidelines for customers to protect their information.
- The data encryption function scrambles data entered by the customer to prevent interception of the data. The strong password requirements ensure customers select passwords not easily guessed by others. Customers also select an image to associate with their accounts, which helps them verify that the login screen is the genuine platform.
- Glacier Bank offers a security option of "debit card guard" for customers. This sends alerts via text to customers when an unusual transaction occurs using the enrolled debit card.
- Glacier Bank customers enroll in online banking by accepting the online banking agreement and confirming their account number, social security number, and the email associated with their accounts, illustrated in Figure 5 of the attached Google document. Once enrolled, a customer can log in to the account via the primary bank screen (Figure 6). Entering the login name directs the customer to another screen showing the personalized image and a prompt to enter the password, as seen in Figure 7. Successfully entering the password allows the customer access to his/her accounts.
- Customers have multiple options for assistance if a password is forgotten. Creating a security question, which can be asked to verify identity to reset the password, is one such option. Additionally, customers may click the "forgot password" option on the sign-in screen (Figure 8), which leads to an email being sent to the email address attached to the account with a link to reset the password. A third option for customers to reset the password is to call customer service for verification and assistance.
Wells Fargo Bank
- Wells Fargo Bank employs multiple security measures for customer protection. Some of these security measures include biometric authentication, voice verification, and access codes. Unique usernames and passwords, along with data encryption to prevent data interception, provide additional security.
- Biometric authentication includes using fingerprints or facial recognition to sign in to an individual account from a smartphone. The voice verification option identifies customer identity with the person's recorded voice pattern. Access codes allow customers to make secure transactions at Wells Fargo ATMs without using the physical card, which prevents the card from being vulnerable to information theft.
- A Wells Fargo Bank customer enrolls in online banking by confirming his/her social security or tax identification number and the account or ATM card number, as illustrated in Figure 9 of the attached Google Document. Once enrolled, the customer signs in to the account from the main Wells Fargo page, illustrated in Figure 10. If the customer forgets the password, s/he clicks the option to reset the password, and s/he will confirm the username followed by account details, as seen in Figure 11.
Answering the research question began with identification of three well-known banking establishments. The main pages for each bank were viewed, and we explored the security, informational, and FAQ pages for each bank. This provided information about each establishment's security measures. We tested each banking website's procedures by attempting to log in to the sites, following prompts for password resets, and using demonstration options as available. This allowed researchers to experience the workings of the security measures first-hand, yielding accurate information about the customer experience.