Memorizing a password just does not cut it anymore. Before you access a Bank of America account online, you'll be asked to verify an identifying image (say, a chess piece or some other object) and a phrase that pop up when you log in. E*Trade Financial offers a gadget that works like a digital decoder ring to unlock your account information. Wachovia might ask you for the name of your high school mascot before letting you pull up your bank statement. And some financial firms are experimenting with anti-fraud devices that will take your fingerprint or scan your iris to protect your identity and your money.
Blame financial regulators for the added inconvenience. It's part of an effort to combat identity fraud, which cost the economy a total of $49 billion last year, according to Javelin Strategy & Research.
About 3.7% of U.S. adults were victims of identity fraud in 2006. That percentage was actually down a bit from 2005, perhaps because regulators have required banks to improve online security to make sure you are who you say you are when you log in. And many other financial firms are beefing up their defenses as well. "By the end of the year, the security process will be very different," says Gwenn Bézard, a research director at Aite Group, which studies online security.
From just $107.88 $24.99 for Kiplinger Personal Finance
Become a smarter, better informed investor. Subscribe from just $107.88 $24.99, plus get up to 4 Special Issues
Sign up for Kiplinger’s Free Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
Cyber armor. Companies can select the kind of cyber armor they wear, and Bank of America, ING Direct and Vanguard are up front about their choice: They require you to select an image and a phrase that will appear on your computer screen before you type in your password. If you log on and the image and phrase aren't the ones you chose, you may have been directed to a fake Web site designed to steal your personal information.
Wachovia's security is more subtle. Each time you log on to a Wachovia account, bank software rates the risk that you could be a crook. Use your home computer and you're likely to get hassle-free access. Log on from an Internet café in Hoboken, N.J., then from one in Boston, and you'll probably have to cough up some personal details, such as the name of a favorite childhood pet.
A number of sites call on your people-watching skills. Web-security company Passfaces created an authentication system, adopted by Midwest Independent Bank, that features Brady Bunch-like groups of nine faces. You select three of the faces when you register your account, and you must recognize them in sequence each time you sign on.
Sometimes extra protection comes in small packages. E*Trade customers can request a device called a Digital Security ID, which is small enough to attach to your key chain and spits out a six-digit code when you log on. The number sequence changes every 60 seconds to prevent thieves from stealing your code. Customers who trade more than 30 times every three months get a free Digital Security ID; otherwise, the device costs $25.
Biometric identification -- the scanning of eyes or fingerprints -- is also in use. At a dozen branches in Utah and Idaho, Zions Bank is testing a system that lets customers cash checks if they are willing to use their fingerprints to identify themselves.
Will it work? All the extra fuss may not make our money any safer. When researchers at Harvard University and the Massachusetts Institute of Technology studied the anti-fraud image system used by Bank of America, they found that 58 out of 60 users still logged on to a phony Web site that did not display the images that the users had selected. The system raises the bar for criminals, says Rachna Dhamija, one of the researchers who conducted the study, but "if users don't comply, it's entirely ineffective. They are going to be giving out their credentials to the wrong Web sites."
But let's face it: It's tough to remember images in addition to multiple codes and user names. To help, a number of software programs -- Password Agent ($25), Handy Password ($30) and RoboForm Pro ($30) -- track all your passwords and stow them in a protected file on your computer or handheld device. Of course, you'll have to create yet another password and user name to access their protected files.
No matter how sophisticated it is, no single online-security measure is scam-proof. Even biometric doodads and high-tech code keys can be thwarted. David Cowan, co-founder of VeriSign, an Internet-security firm, says that many crimes could be prevented if banks simply made phone calls to account holders to confirm unusual or suspicious online activity -- such as transfers of large sums of money to other accounts or changes to mailing addresses for accounts.
-
Why Playing It Safe in Retirement Is a Big RiskFear of losing money could actually cost you in retirement. Find out why being too conservative with your life savings can hurt you and how to stop that from happening.
-
Tax Refund Alert: House GOP Predicts 'Average' $1,000 Payouts in 2026Tax Refunds Here's how the IRS tax refund outlook for 2026 is changing and what steps you can take now to prepare.
-
What Not to Do in an Airport LoungeBefore you settle into that cushy lounge chair, skip the rookie moves that annoy other travelers and can even get you kicked out.
-
Seven Things You Should Do Now if You Think Your Identity Was StolenIf you suspect your identity was stolen, there are several steps you can take to protect yourself, but make sure you take action fast.
-
The 8 Financial Documents You Should Always ShredIdentity Theft The financial documents piling up at home put you at risk of fraud. Learn the eight types of financial documents you should always shred to protect yourself.
-
How to Guard Against the New Generation of Fraud and Identity TheftIdentity Theft Fraud and identity theft are getting more sophisticated and harder to spot. Stay ahead of the scammers with our advice.
-
12 Ways to Protect Yourself From Fraud and ScamsIdentity Theft Think you can spot the telltale signs of frauds and scams? Follow these 12 tips to stay safe from evolving threats and prevent others from falling victim.
-
Watch Out for These Travel Scams This SummerIdentity Theft These travel scams are easy to fall for and could wreck your summer. Take a moment to read up on the warning signs and simple ways to protect yourself.
-
Amazon Resale: Where Amazon Prime Returns Become Your Online BargainsFeature Amazon Resale products may have some imperfections, but that often leads to wildly discounted prices.
-
How to Guard Against Identity Theft in 2025Scammers are getting better at impersonating legitimate businesses.
-
Roth IRA Contribution Limits for 2026Roth IRAs Roth IRAs allow you to save for retirement with after-tax dollars while you're working, and then withdraw those contributions and earnings tax-free when you retire. Here's a look at 2026 limits and income-based phaseouts.
