After theft, Bank of America tightens online security

Just days after confirming that information on about 60,000 of its customers had been stolen by an identity-theft ring, Bank of America on Thursday announced plans to tighten security for its online banking customers. Beginning next month, the Charlotte, North Carolina, bank will begin offering a new service called SiteKey that will make it harder for thieves to access Bank of America accounts.

SiteKey will recognize when a Bank of America account is being accessed via an unknown computer and will generate a predetermined "challenge" question, adding another level of security to the process of logging in. The software also lets users choose a specific image -- a photograph of a dog, for example -- that can then be re-shown to users in order to reassure them that they are actually visiting the Bank of America Web site, and not some other site masquerading as www.bofa.com.

The service will be rolled out as an optional feature for the bank's Tennessee customers, beginning next month. It will be available to all of the bank's 13.2 million online banking customers by October, said Betty Riess, a Bank of America spokeswoman. By that time, it is expected to be a mandatory feature, she said.

Riess said that the launch of the new service is designed to address the growing problem of online banking fraud, but was unrelated to the recent identity theft. "That had nothing to do with online banking," she said, without commenting further on the matter.

Bank of America was one of four banks targeted by the identity thieves, who managed to steal information on about 676,000 customers in total.

Police have charged 10 suspects in the case, eight of whom are former bank employees. They are alleged to have obtained the information while working in New Jersey branches of Bank of America, Wachovia Corp., Commerce Bancorp Inc. and PNC Bank NA.

Some of the SiteKey software was developed by PassMark Security, based in Redwood City, California, Riess said.