Bank of America is using technology from California-based PassMark Security to provide a new two factor authentication service, called SiteKey, to its 13.2 million Internet banking customers in the US.
Customers signing up to the free service are asked to select a Passmark - a small image and a brief phrase - and then select three challenge questions. This information is then requested whenever the customer logs in to access an online account.
The bank says the service will prevent fraud as, even if a customer's ID and passcode have been stolen through spyware or a phony Web site, the thief would still would have to answer a challenge question to access the account.
The service will also provide customers with a way to confirm that the bank Web site they visit is legitimate. The PassMark is displayed during log in to a banking site and if the image is correct customers will know the site is genuine and that it is safe to enter passwords.
Sanjay Gupta, e-commerce executive, BoA, says SiteKey is like getting a safe deposit box that takes two keys to open. Before the customer and the bank agree to open the box, they confirm each other's identity: "SiteKey helps you know it's us and we know it's you."
The service will launch in Tennessee in mid-June and will be rolled out across the US by the end of the year.
BoA is currently embroiled in a legal challenge from a Miami businessman over $90,000 he says was stolen from his online banking account by Latvian cybercriminals. He says the thieves authorised a wire transfer out of his account using access details acquired by a Trojan keylogging device on his infected PC.