Banks rated for ID theft

Bank of America, JP Morgan Chase and Washington Mutual rate highest for consumer ID theft protection.

Joris Evers
Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
2 min read
SAN FRANCISCO--Looking for a bank that protects well against identity theft? Bank of America, JP Morgan Chase and Washington Mutual are your best bets, according to a new report.

Out of 24 of the top financial institutions in the U.S., these three banks scored best in a test of their ability to prevent, detect and resolve ID theft, Javelin Strategy & Research said in its annual Banking Identity Safety Scorecard, released Tuesday. KeyBank and Marshall & Ilsley Bank also receive honorable mentions in the report.

Most banks do especially well in resolving identity fraud, such as dealing with disputed transactions on accounts, James Van Dyke, president of Javelin Strategy & Research, said in a presentation at American Banker's 3rd Annual Identity Theft and Fraud Symposium here.

"Prevention and detection are really the next frontier," Van Dyke said. "Financial institutions focus much more on resolving problems after they occur rather than stopping them up front."

Last year, identity theft for the third straight year topped the list of fraud complaints reported to the Federal Trade Commission. Consumers filed more than 255,000 identity theft reports to the FTC in 2005, accounting for more than a third of all complaints the agency received.

Together the 24 banks covered by the Javelin Strategy & Research report cover about 60 percent of the U.S. banking market. The study probed 26 customer-facing capabilities and features of banks, online as well as offline. Mystery callers, for example, phoned banks to try out the customer service representatives, Van Dyke said.

ID theft prevention had the most weight in evaluation. Bank of America's high standing was helped by its introduction of SiteKey, image and text checks that let people know they are on an authentic Bank of America Web site and also verify the identity of the customer. Other financial institutions are expected to introduce similar features soon, Van Dyke said.

"Only Bank of America had two-factor authentication" when we compiled the study results a few weeks ago, he said. "Of course we're going to see a land grab," he added. That's mostly because the Federal Financial Institutions Examination Council last October recommended that banks introduce multiple-factor authentication by the end of 2006.

One way to improve prevention and detection is through alerts. Banks could let customers set up e-mail or cell phone text message alerts, for example, Javelin Strategy & Research said. Another way could be to promote online account monitoring and advanced protection against phishing scams that seek to trick people into giving up account details, the research firm said.

The report covered the following banks: AmSouth, Bank of America, Bank of New York, BB&T, Citibank, E*Trade, Fifth Third Bank, HSBC, JP Morgan Chase, KeyBank, M&T Bank, Marshall & Ilsley Bank, National City Bank, Navy FCU, NetBank, PNC Bank, Regions Bank, Sovereign Bank, SunTrust, Union Bank of California, US Bank, Wachovia, Washington Mutual, and Wells Fargo.